Diffstat (limited to 'src')
590 files changed, 13020 insertions, 17973 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index c631adff2..cd75de5e9 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -16,10 +16,6 @@ if USE_TLS SUBDIRS += libtls endif -<<<<<<< HEAD -if USE_FILE_CONFIG - SUBDIRS += libfreeswan starter ipsec _copyright -======= if USE_LIBCHARON SUBDIRS += libcharon endif @@ -30,7 +26,6 @@ endif if USE_IPSEC_SCRIPT SUBDIRS += ipsec _copyright ->>>>>>> upstream/4.5.1 endif if USE_PLUTO @@ -38,11 +33,7 @@ if USE_PLUTO endif if USE_CHARON -<<<<<<< HEAD - SUBDIRS += libcharon charon -======= SUBDIRS += charon ->>>>>>> upstream/4.5.1 endif if USE_STROKE @@ -57,13 +48,10 @@ if USE_TOOLS SUBDIRS += libfreeswan openac scepclient pki endif -<<<<<<< HEAD -======= if USE_CONFTEST SUBDIRS += conftest endif ->>>>>>> upstream/4.5.1 if USE_DUMM SUBDIRS += dumm endif @@ -88,8 +76,4 @@ EXTRA_DIST = strongswan.conf install-exec-local : test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)" -<<<<<<< HEAD - test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true -======= test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true ->>>>>>> upstream/4.5.1 diff --git a/src/Makefile.in b/src/Makefile.in index efa3a0913..eff3f1337 100644 --- a/src/Makefile.in +++ b/src/Makefile.in 
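Review bot: In the `install-exec-local` rule of src/Makefile.am, strongswan.conf is now installed with `-m 640` but without `-o`/`-g`, so it ends up owned by whoever runs `make install`. If the daemons are built to run as `${ipsecuser}`/`${ipsecgroup}` (both are still substituted in the generated Makefile.in), they may not be able to read the file. The trailing `|| true` also hides a failed install, so the problem would only surface at runtime. I would add a comment above the rule, for example `# installed with the invoking user's ownership; packagers must make it readable for ${ipsecuser}`, and consider dropping `|| true` so a failed copy is reported. The generated src/Makefile.in carries the same rule.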
@@ -37,19 +37,6 @@ host_triplet = @host@ @USE_LIBHYDRA_TRUE@am__append_2 = libhydra @USE_SIMAKA_TRUE@am__append_3 = libsimaka @USE_TLS_TRUE@am__append_4 = libtls -<<<<<<< HEAD -@USE_FILE_CONFIG_TRUE@am__append_5 = libfreeswan starter ipsec _copyright -@USE_PLUTO_TRUE@am__append_6 = pluto whack -@USE_CHARON_TRUE@am__append_7 = libcharon charon -@USE_STROKE_TRUE@am__append_8 = stroke -@USE_UPDOWN_TRUE@am__append_9 = _updown _updown_espmark -@USE_TOOLS_TRUE@am__append_10 = libfreeswan openac scepclient pki -@USE_DUMM_TRUE@am__append_11 = dumm -@USE_FAST_TRUE@am__append_12 = libfast -@USE_MANAGER_TRUE@am__append_13 = manager -@USE_MEDSRV_TRUE@am__append_14 = medsrv -@USE_INTEGRITY_TEST_TRUE@am__append_15 = checksum -======= @USE_LIBCHARON_TRUE@am__append_5 = libcharon @USE_FILE_CONFIG_TRUE@am__append_6 = libfreeswan starter @USE_IPSEC_SCRIPT_TRUE@am__append_7 = ipsec _copyright @@ -64,7 +51,6 @@ host_triplet = @host@ @USE_MANAGER_TRUE@am__append_16 = manager @USE_MEDSRV_TRUE@am__append_17 = medsrv @USE_INTEGRITY_TEST_TRUE@am__append_18 = checksum ->>>>>>> upstream/4.5.1 subdir = src DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -99,15 +85,9 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = . include libstrongswan libhydra libsimaka libtls \ -<<<<<<< HEAD - libfreeswan starter ipsec _copyright pluto whack libcharon \ - charon stroke _updown _updown_espmark openac scepclient pki \ - dumm libfast manager medsrv checksum -======= libcharon libfreeswan starter ipsec _copyright pluto whack \ charon stroke _updown _updown_espmark openac scepclient pki \ conftest dumm libfast manager medsrv checksum ->>>>>>> upstream/4.5.1 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ 
@@ -253,13 +233,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ -ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -280,6 +254,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -298,14 +274,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -317,12 +291,8 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \ $(am__append_4) $(am__append_5) $(am__append_6) \ $(am__append_7) $(am__append_8) $(am__append_9) \ $(am__append_10) $(am__append_11) $(am__append_12) \ -<<<<<<< HEAD - $(am__append_13) $(am__append_14) $(am__append_15) -======= $(am__append_13) $(am__append_14) $(am__append_15) \ $(am__append_16) $(am__append_17) $(am__append_18) ->>>>>>> upstream/4.5.1 EXTRA_DIST = strongswan.conf all: all-recursive 
@@ -673,11 +643,7 @@ uninstall-am: install-exec-local : test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)" -<<<<<<< HEAD - test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true -======= test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true ->>>>>>> upstream/4.5.1 # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/_copyright/Makefile.am b/src/_copyright/Makefile.am index edffcfc25..405e08b3d 100644 --- a/src/_copyright/Makefile.am +++ b/src/_copyright/Makefile.am @@ -1,9 +1,5 @@ ipsec_PROGRAMS = _copyright _copyright_SOURCES = _copyright.c -<<<<<<< HEAD -dist_man8_MANS = _copyright.8 -======= ->>>>>>> upstream/4.5.1 INCLUDES = \ -I$(top_srcdir)/src/libfreeswan \ diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in index 321eeadea..5eab0bb5b 100644 --- a/src/_copyright/Makefile.in +++ b/src/_copyright/Makefile.in @@ -36,12 +36,7 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = _copyright$(EXEEXT) subdir = src/_copyright -<<<<<<< HEAD -DIST_COMMON = $(dist_man8_MANS) $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in -======= DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ->>>>>>> upstream/4.5.1 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ 
@@ -57,11 +52,7 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -<<<<<<< HEAD -am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)" -======= am__installdirs = "$(DESTDIR)$(ipsecdir)" ->>>>>>> upstream/4.5.1 PROGRAMS = $(ipsec_PROGRAMS) am__copyright_OBJECTS = _copyright.$(OBJEXT) _copyright_OBJECTS = $(am__copyright_OBJECTS) @@ -83,33 +74,6 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(_copyright_SOURCES) DIST_SOURCES = $(_copyright_SOURCES) -<<<<<<< HEAD -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -man8dir = $(mandir)/man8 -NROFF = nroff -MANS = $(dist_man8_MANS) -======= ->>>>>>> upstream/4.5.1 ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) 
@@ -232,13 +196,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,6 +217,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -277,14 +237,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -293,10 +251,6 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ _copyright_SOURCES = _copyright.c -<<<<<<< HEAD -dist_man8_MANS = _copyright.8 -======= ->>>>>>> upstream/4.5.1 INCLUDES = \ -I$(top_srcdir)/src/libfreeswan \ -I$(top_srcdir)/src/libstrongswan 
@@ -417,43 +371,6 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -<<<<<<< HEAD -install-man8: $(dist_man8_MANS) - @$(NORMAL_INSTALL) - test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(dist_man8_MANS)'; test -n "$(man8dir)" || exit 0; \ - { for i in $$list; do echo "$$i"; done; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ - done | \ - sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ - sed 'N;N;s,\n, ,g' | { \ - list=; while read file base inst; do \ - if test "$$base" = "$$inst"; then list="$$list $$file"; else \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ - fi; \ - done; \ - for i in $$list; do echo "$$i"; done | $(am__base_list) | \ - while read files; do \ - test -z "$$files" || { \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ - done; } - -uninstall-man8: - @$(NORMAL_UNINSTALL) - @list='$(dist_man8_MANS)'; test -n "$(man8dir)" || exit 0; \ - files=`{ for i in $$list; do echo "$$i"; done; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ - test -z "$$files" || { \ - echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -======= ->>>>>>> upstream/4.5.1 ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ 
@@ -508,22 +425,6 @@ distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) -<<<<<<< HEAD - @list='$(MANS)'; if test -n "$$list"; then \ - list=`for p in $$list; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ - if test -n "$$list" && \ - grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ - echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ - grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ - echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ - echo " typically \`make maintainer-clean' will remove them" >&2; \ - exit 1; \ - else :; fi; \ - else :; fi -======= ->>>>>>> upstream/4.5.1 @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -555,15 +456,9 @@ distdir: $(DISTFILES) done check-am: all-am check: check-am -<<<<<<< HEAD -all-am: Makefile $(PROGRAMS) $(MANS) -installdirs: - for dir in "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)"; do \ -======= all-am: Makefile $(PROGRAMS) installdirs: for dir in "$(DESTDIR)$(ipsecdir)"; do \ ->>>>>>> upstream/4.5.1 test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -614,11 +509,7 @@ info: info-am info-am: -<<<<<<< HEAD -install-data-am: install-ipsecPROGRAMS install-man -======= install-data-am: install-ipsecPROGRAMS ->>>>>>> upstream/4.5.1 install-dvi: install-dvi-am @@ -634,11 +525,7 @@ install-info: install-info-am install-info-am: -<<<<<<< HEAD -install-man: install-man8 -======= install-man: ->>>>>>> upstream/4.5.1 install-pdf: install-pdf-am 
@@ -668,13 +555,7 @@ ps: ps-am ps-am: -<<<<<<< HEAD -uninstall-am: uninstall-ipsecPROGRAMS uninstall-man - -uninstall-man: uninstall-man8 -======= uninstall-am: uninstall-ipsecPROGRAMS ->>>>>>> upstream/4.5.1 .MAKE: install-am install-strip @@ -685,22 +566,12 @@ uninstall-am: uninstall-ipsecPROGRAMS install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am \ -<<<<<<< HEAD - install-ipsecPROGRAMS install-man install-man8 install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-ipsecPROGRAMS \ - uninstall-man uninstall-man8 -======= install-ipsecPROGRAMS install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-ipsecPROGRAMS ->>>>>>> upstream/4.5.1 # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in index f6f6d5f48..d4361dd78 100644 --- a/src/_updown/Makefile.in +++ b/src/_updown/Makefile.in @@ -200,13 +200,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -227,6 +221,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -245,14 +241,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/_updown_espmark/Makefile.in b/src/_updown_espmark/Makefile.in index 55c5ce2c1..7e2839cb0 100644 --- a/src/_updown_espmark/Makefile.in +++ b/src/_updown_espmark/Makefile.in @@ -200,13 +200,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -227,6 +221,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -245,14 +241,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in index 7192e9e96..3ba9c2731 100644 --- a/src/charon/Makefile.in +++ b/src/charon/Makefile.in @@ -199,13 +199,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -226,6 +220,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -244,14 +240,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/charon/charon.c b/src/charon/charon.c index 9e2d02b83..dda09f66d 100644 --- a/src/charon/charon.c +++ b/src/charon/charon.c 
@@ -26,11 +26,8 @@ #include <pthread.h> #include <sys/stat.h> #include <sys/types.h> -<<<<<<< HEAD -======= #include <syslog.h> #include <errno.h> ->>>>>>> upstream/4.5.1 #include <unistd.h> #include <getopt.h> #include <pwd.h> @@ -47,12 +44,9 @@ #include <private/android_filesystem_config.h> #endif -<<<<<<< HEAD -======= #ifndef LOG_AUTHPRIV /* not defined on OpenSolaris */ #define LOG_AUTHPRIV LOG_AUTH #endif ->>>>>>> upstream/4.5.1 /** * PID file, in which charon stores its process id @@ -115,7 +109,16 @@ static void run() { case SIGHUP: { - DBG1(DBG_DMN, "signal of type SIGHUP received. Ignored"); + DBG1(DBG_DMN, "signal of type SIGHUP received. Reloading " + "configuration"); + if (lib->settings->load_files(lib->settings, NULL, FALSE)) + { + lib->plugins->reload(lib->plugins, NULL); + } + else + { + DBG1(DBG_DMN, "reloading config failed, keeping old"); + } break; } case SIGINT: @@ -279,8 +282,6 @@ static void unlink_pidfile() unlink(PID_FILE); } -<<<<<<< HEAD -======= /** * Initialize logging */ @@ -409,7 +410,6 @@ static void initialize_loggers(bool use_stderr, level_t levels[]) sys_logger->set_level(sys_logger, DBG_ANY, LEVEL_AUDIT); } } ->>>>>>> upstream/4.5.1 /** * print command line usage and exit @@ -537,15 +537,10 @@ int main(int argc, char *argv[]) goto deinit; } -<<<<<<< HEAD - /* initialize daemon */ - if (!charon->initialize(charon, use_syslog, levels)) -======= initialize_loggers(!use_syslog, levels); /* initialize daemon */ if (!charon->initialize(charon)) ->>>>>>> upstream/4.5.1 { DBG1(DBG_DMN, "initialization failed - aborting charon"); goto deinit; diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in index 0e68ed938..2e11fe1f5 100644 --- a/src/checksum/Makefile.in +++ b/src/checksum/Makefile.in 
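Review bot: The new SIGHUP branch in `run()` re-reads the settings with whatever privileges the daemon holds when the signal arrives, and on failure logs only "reloading config failed, keeping old". If charon has already dropped to an unprivileged user (not visible in this hunk) and strongswan.conf is mode 640 owned by another account, every reload would fail with no indication why. The result of `lib->plugins->reload(lib->plugins, NULL)` is also discarded, so the log never shows whether any plugin picked up the new settings. I would log that result and add a comment such as `/* re-read with the current (possibly dropped) privileges; only plugins implementing reload see the change */`. The body of `run()` continues outside the hunk.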
@@ -237,13 +237,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -264,6 +258,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -282,14 +278,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in index 1c07710e0..a89df8f27 100644 --- a/src/conftest/Makefile.in +++ b/src/conftest/Makefile.in @@ -231,6 +231,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -254,6 +256,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/conftest/conftest.c b/src/conftest/conftest.c index fea88818e..48bf9681f 100644 --- a/src/conftest/conftest.c +++ b/src/conftest/conftest.c 
@@ -79,7 +79,7 @@ static bool load_configs(char *suite_file, char *test_file) return FALSE; } conftest->test = settings_create(suite_file); - conftest->test->load_files(conftest->test, test_file); + conftest->test->load_files(conftest->test, test_file, TRUE); conftest->suite_dir = strdup(dirname(suite_file)); return TRUE; } diff --git a/src/conftest/hooks/log_ts.c b/src/conftest/hooks/log_ts.c index dacc7a58c..fb7c89a0a 100644 --- a/src/conftest/hooks/log_ts.c +++ b/src/conftest/hooks/log_ts.c @@ -38,7 +38,6 @@ METHOD(listener_t, message, bool, { enumerator_t *enumerator; payload_t *payload; - linked_list_t *list; ts_payload_t *ts; enumerator = message->create_payload_enumerator(message); @@ -48,10 +47,29 @@ METHOD(listener_t, message, bool, payload->get_type(payload) == TRAFFIC_SELECTOR_RESPONDER) { ts = (ts_payload_t*)payload; + host_t *from, *to; + linked_list_t *list; + enumerator_t *tsenum; + traffic_selector_t *selector; + list = ts->get_traffic_selectors(ts); + tsenum = list->create_enumerator(list); + while (tsenum->enumerate(tsenum, &selector)) + { + from = host_create_from_chunk(AF_UNSPEC, + selector->get_from_address(selector), 0); + to = host_create_from_chunk(AF_UNSPEC, + selector->get_to_address(selector), 0); + + DBG1(DBG_CFG, "received %N: %N %H-%H proto %u port %u-%u", + payload_type_short_names, payload->get_type(payload), + ts_type_name, selector->get_type(selector), + from, to, selector->get_protocol(selector), + selector->get_from_port(selector), + selector->get_to_port(selector)); + } + tsenum->destroy(tsenum); - DBG1(DBG_CFG, "received %N: %#R", - payload_type_short_names, payload->get_type(payload), list); list->destroy_offset(list, offsetof(traffic_selector_t, destroy)); } } diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in index 9b19f605e..4a8f142ca 100644 --- a/src/dumm/Makefile.in +++ b/src/dumm/Makefile.in 
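Review bot: The result of `load_files()` on the changed line in `load_configs()` is discarded, although the same method is used as a boolean in the SIGHUP handler of charon.c in this commit. If it reports failure for a missing or unparsable `test_file`, the function still returns TRUE and the run continues with only the suite settings, which can make a conformance test pass or fail for the wrong reason. Check it, for example `if (!conftest->test->load_files(conftest->test, test_file, TRUE)) { return FALSE; }`. `load_configs()` starts above the hunk, so whether `conftest->test` needs explicit cleanup on that path should be confirmed there.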
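Review bot: In the new `while (tsenum->enumerate(tsenum, &selector))` loop of log_ts.c, the two `host_t` objects from `host_create_from_chunk()` are never released, so each logged traffic selector leaks `from` and `to`. The payloads come from the peer's messages, so the leak grows with traffic the other side controls. Release them after the `DBG1` call with `DESTROY_IF(from);` and `DESTROY_IF(to);`; the NULL-tolerant form is suggested because `host_create_from_chunk(AF_UNSPEC, ...)` may return NULL for an address chunk of unexpected length. The declarations placed after `ts = (ts_payload_t*)payload;` would also read better at the top of the block, matching the rest of the function.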
@@ -226,13 +226,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -253,6 +247,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -271,14 +267,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/dumm/main.c b/src/dumm/main.c index 337a1a144..37e7ba8f7 100644 --- a/src/dumm/main.c +++ b/src/dumm/main.c @@ -101,8 +101,17 @@ static page_t* get_page(int num) static pid_t invoke(void *vte, guest_t *guest, char *args[], int argc) { - return vte_terminal_fork_command(VTE_TERMINAL(vte), args[0], args, NULL, - NULL, FALSE, FALSE, FALSE); + GPid pid; + + if (vte_terminal_fork_command_full(VTE_TERMINAL(vte), + VTE_PTY_NO_LASTLOG | VTE_PTY_NO_UTMP | VTE_PTY_NO_WTMP, + NULL, args, NULL, + G_SPAWN_CHILD_INHERITS_STDIN | G_SPAWN_SEARCH_PATH, + NULL, NULL, &pid, NULL)) + { + return pid; + } + return 0; } void idle(void) diff --git a/src/include/Makefile.am b/src/include/Makefile.am index 9edad1141..609e7c5b2 100644 --- a/src/include/Makefile.am +++ b/src/include/Makefile.am 
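Review bot: `invoke()` now reports a failed spawn as `return 0;` and passes NULL for the `GError **` argument of `vte_terminal_fork_command_full()`, so the reason for the failure is lost. Callers are not visible here and must treat 0 as an error: to `kill()` and `waitpid()`, pid 0 means the caller's own process group, so a stored 0 that is later signalled would hit the wrong processes. I would pass a `GError *` and log its message before returning, and document the failure value in a comment on `invoke()`. `G_SPAWN_SEARCH_PATH` also resolves a non-absolute `args[0]` through `PATH`; if dumm is run with elevated privileges, an absolute path to the guest binary would be the safer contract.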
@@ -1,3 +1,3 @@ -EXTRA_DIST = linux/ipsec.h linux/netlink.h linux/rtnetlink.h \ +EXTRA_DIST = linux/if_alg.h linux/ipsec.h linux/netlink.h linux/rtnetlink.h \ linux/pfkeyv2.h linux/udp.h linux/xfrm.h linux/types.h \ linux/jhash.h sys/queue.h diff --git a/src/include/Makefile.in b/src/include/Makefile.in index b02da80c0..59a325a14 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -172,13 +172,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -199,6 +193,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -217,14 +213,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -232,7 +226,7 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -EXTRA_DIST = linux/ipsec.h linux/netlink.h linux/rtnetlink.h \ +EXTRA_DIST = linux/if_alg.h linux/ipsec.h linux/netlink.h linux/rtnetlink.h \ linux/pfkeyv2.h linux/udp.h linux/xfrm.h linux/types.h \ linux/jhash.h sys/queue.h diff --git a/src/include/linux/if_alg.h b/src/include/linux/if_alg.h new file mode 100644 index 000000000..0f9acce5b --- /dev/null 
+++ b/src/include/linux/if_alg.h @@ -0,0 +1,40 @@ +/* + * if_alg: User-space algorithm interface + * + * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au> + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + */ + +#ifndef _LINUX_IF_ALG_H +#define _LINUX_IF_ALG_H + +#include <linux/types.h> + +struct sockaddr_alg { + __u16 salg_family; + __u8 salg_type[14]; + __u32 salg_feat; + __u32 salg_mask; + __u8 salg_name[64]; +}; + +struct af_alg_iv { + __u32 ivlen; + __u8 iv[0]; +}; + +/* Socket options */ +#define ALG_SET_KEY 1 +#define ALG_SET_IV 2 +#define ALG_SET_OP 3 + +/* Operations */ +#define ALG_OP_DECRYPT 0 +#define ALG_OP_ENCRYPT 1 + +#endif /* _LINUX_IF_ALG_H */ diff --git a/src/include/linux/xfrm.h b/src/include/linux/xfrm.h index 92d9258df..22e61fdf7 100644 --- a/src/include/linux/xfrm.h +++ b/src/include/linux/xfrm.h @@ -84,6 +84,16 @@ struct xfrm_replay_state { __u32 bitmap; }; +struct xfrm_replay_state_esn { + unsigned int bmp_len; + __u32 oseq; + __u32 seq; + __u32 oseq_hi; + __u32 seq_hi; + __u32 replay_window; + __u32 bmp[0]; +}; + struct xfrm_algo { char alg_name[64]; unsigned int alg_key_len; /* in bits */ @@ -283,10 +293,8 @@ enum xfrm_attr_type_t { XFRMA_KMADDRESS, /* struct xfrm_user_kmaddress */ XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */ XFRMA_MARK, /* struct xfrm_mark */ -<<<<<<< HEAD -======= XFRMA_TFCPAD, /* __u32 */ ->>>>>>> upstream/4.5.1 + XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_esn */ __XFRMA_MAX #define XFRMA_MAX (__XFRMA_MAX - 1) @@ -353,6 +361,8 @@ struct xfrm_usersa_info { #define XFRM_STATE_WILDRECV 8 #define XFRM_STATE_ICMP 16 #define XFRM_STATE_AF_UNSPEC 32 +#define XFRM_STATE_ALIGN4 64 +#define XFRM_STATE_ESN 128 }; struct xfrm_usersa_id { 
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in index bf74828be..04ca97781 100644 --- a/src/ipsec/Makefile.in +++ b/src/ipsec/Makefile.in @@ -200,13 +200,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -227,6 +221,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -245,14 +241,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/ipsec/ipsec.8 b/src/ipsec/ipsec.8 index d0bd9ce70..6f4117be7 100644 --- a/src/ipsec/ipsec.8 +++ b/src/ipsec/ipsec.8 @@ -1,8 +1,4 @@ -<<<<<<< HEAD -.TH IPSEC 8 "2010-05-30" "4.5.0rc1" "strongSwan" -======= .TH IPSEC 8 "2010-05-30" "4.5.1" "strongSwan" ->>>>>>> upstream/4.5.1 .SH NAME ipsec \- invoke IPsec utilities .SH SYNOPSIS diff --git a/src/ipsec/ipsec.in b/src/ipsec/ipsec.in index 0f619d087..2ea0ef798 100755 --- a/src/ipsec/ipsec.in +++ b/src/ipsec/ipsec.in 
@@ -65,11 +65,7 @@ case "$1" in echo " rereadsecrets|rereadgroups" echo " rereadcacerts|rereadaacerts|rereadocspcerts" echo " rereadacerts|rereadcrls|rereadall" -<<<<<<< HEAD - echo " purgeocsp|purgeike" -======= echo " purgeocsp|purgecrls|purgecerts|purgeike" ->>>>>>> upstream/4.5.1 echo " scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]" echo " openac" echo " pluto" @@ -195,19 +191,11 @@ rereadall|purgeocsp) fi exit "$rc" ;; -<<<<<<< HEAD -purgeike) - rc=7 - if [ -e $IPSEC_CHARON_PID ] - then - $IPSEC_STROKE purgeike -======= purgeike|purgecrls|purgecerts) rc=7 if [ -e $IPSEC_CHARON_PID ] then $IPSEC_STROKE "$1" ->>>>>>> upstream/4.5.1 rc="$?" fi exit "$rc" diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk index 21a2b8ee6..90e2bdc6a 100644 --- a/src/libcharon/Android.mk +++ b/src/libcharon/Android.mk @@ -55,6 +55,7 @@ processing/jobs/rekey_ike_sa_job.c processing/jobs/rekey_ike_sa_job.h \ processing/jobs/retransmit_job.c processing/jobs/retransmit_job.h \ processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \ processing/jobs/send_keepalive_job.c processing/jobs/send_keepalive_job.h \ +processing/jobs/start_action_job.c processing/jobs/start_action_job.h \ processing/jobs/roam_job.c processing/jobs/roam_job.h \ processing/jobs/update_sa_job.c processing/jobs/update_sa_job.h \ processing/jobs/inactivity_job.c processing/jobs/inactivity_job.h \ 
@@ -63,6 +64,8 @@ sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \ sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \ sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \ sa/authenticators/eap/sim_manager.c sa/authenticators/eap/sim_manager.h \ +sa/authenticators/eap/sim_card.h sa/authenticators/eap/sim_provider.h \ +sa/authenticators/eap/sim_hooks.h \ sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \ sa/authenticators/pubkey_authenticator.c sa/authenticators/pubkey_authenticator.h \ sa/child_sa.c sa/child_sa.h \ @@ -89,8 +92,12 @@ sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \ sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \ sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \ sa/tasks/task.c sa/tasks/task.h \ -tnccs/tnccs.c tnccs/tnccs.h \ -tnccs/tnccs_manager.h tnccs/tnccs_manager.c +tnc/tncif.h tnc/tncifimc.h tnc/tncifimv.h tnc/tncifimv.c \ +tnc/imc/imc.h tnc/imc/imc_manager.h \ +tnc/imv/imv.h tnc/imv/imv_manager.h \ +tnc/imv/imv_recommendations.c tnc/imv/imv_recommendations.h \ +tnc/tnccs/tnccs.c tnc/tnccs/tnccs.h \ +tnc/tnccs/tnccs_manager.c tnc/tnccs/tnccs_manager.h # adding the plugin source files diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index e90fa1d0e..9a4b28c3a 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -53,10 +53,7 @@ processing/jobs/rekey_ike_sa_job.c processing/jobs/rekey_ike_sa_job.h \ processing/jobs/retransmit_job.c processing/jobs/retransmit_job.h \ processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \ processing/jobs/send_keepalive_job.c processing/jobs/send_keepalive_job.h \ -<<<<<<< HEAD -======= processing/jobs/start_action_job.c processing/jobs/start_action_job.h \ ->>>>>>> upstream/4.5.1 processing/jobs/roam_job.c processing/jobs/roam_job.h \ processing/jobs/update_sa_job.c processing/jobs/update_sa_job.h \ processing/jobs/inactivity_job.c processing/jobs/inactivity_job.h \ 
@@ -65,6 +62,8 @@ sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \ sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \ sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \ sa/authenticators/eap/sim_manager.c sa/authenticators/eap/sim_manager.h \ +sa/authenticators/eap/sim_card.h sa/authenticators/eap/sim_provider.h \ +sa/authenticators/eap/sim_hooks.h \ sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \ sa/authenticators/pubkey_authenticator.c sa/authenticators/pubkey_authenticator.h \ sa/child_sa.c sa/child_sa.h \ @@ -91,17 +90,12 @@ sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \ sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \ sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \ sa/tasks/task.c sa/tasks/task.h \ -<<<<<<< HEAD -tnccs/tnccs.c tnccs/tnccs.h \ -tnccs/tnccs_manager.h tnccs/tnccs_manager.c -======= tnc/tncif.h tnc/tncifimc.h tnc/tncifimv.h tnc/tncifimv.c \ tnc/imc/imc.h tnc/imc/imc_manager.h \ tnc/imv/imv.h tnc/imv/imv_manager.h \ tnc/imv/imv_recommendations.c tnc/imv/imv_recommendations.h \ tnc/tnccs/tnccs.c tnc/tnccs/tnccs.h \ tnc/tnccs/tnccs_manager.c tnc/tnccs/tnccs_manager.h ->>>>>>> upstream/4.5.1 daemon.lo : $(top_builddir)/config.status @@ -229,6 +223,13 @@ if MONOLITHIC endif endif +if USE_EAP_SIM_PCSC + SUBDIRS += plugins/eap_sim_pcsc +if MONOLITHIC + libcharon_la_LIBADD += plugins/eap_sim_pcsc/libstrongswan-eap-sim-pcsc.la +endif +endif + if USE_EAP_SIMAKA_SQL SUBDIRS += plugins/eap_simaka_sql if MONOLITHIC @@ -313,6 +314,13 @@ if MONOLITHIC endif endif +if USE_EAP_PEAP + SUBDIRS += plugins/eap_peap +if MONOLITHIC + libcharon_la_LIBADD += plugins/eap_peap/libstrongswan-eap-peap.la +endif +endif + if USE_EAP_TNC SUBDIRS += plugins/eap_tnc if MONOLITHIC 
@@ -330,22 +338,14 @@ endif if USE_TNC_IMC SUBDIRS += plugins/tnc_imc if MONOLITHIC -<<<<<<< HEAD - libcharon_la_LIBADD += plugins/tnc_imc/libstrongswan-tnc_imc.la -======= libcharon_la_LIBADD += plugins/tnc_imc/libstrongswan-tnc-imc.la ->>>>>>> upstream/4.5.1 endif endif if USE_TNC_IMV SUBDIRS += plugins/tnc_imv if MONOLITHIC -<<<<<<< HEAD - libcharon_la_LIBADD += plugins/tnc_imv/libstrongswan-tnc_imv.la -======= libcharon_la_LIBADD += plugins/tnc_imv/libstrongswan-tnc-imv.la ->>>>>>> upstream/4.5.1 endif endif @@ -363,8 +363,6 @@ if MONOLITHIC endif endif -<<<<<<< HEAD -======= if USE_TNCCS_DYNAMIC SUBDIRS += plugins/tnccs_dynamic if MONOLITHIC @@ -372,7 +370,6 @@ if MONOLITHIC endif endif ->>>>>>> upstream/4.5.1 if USE_MEDSRV SUBDIRS += plugins/medsrv if MONOLITHIC @@ -422,6 +419,13 @@ if MONOLITHIC endif endif +if USE_WHITELIST + SUBDIRS += plugins/whitelist +if MONOLITHIC + libcharon_la_LIBADD += plugins/whitelist/libstrongswan-whitelist.la +endif +endif + if USE_LED SUBDIRS += plugins/led if MONOLITHIC @@ -429,6 +433,20 @@ if MONOLITHIC endif endif +if USE_DUPLICHECK + SUBDIRS += plugins/duplicheck +if MONOLITHIC + libcharon_la_LIBADD += plugins/duplicheck/libstrongswan-duplicheck.la +endif +endif + +if USE_COUPLING + SUBDIRS += plugins/coupling +if MONOLITHIC + libcharon_la_LIBADD += plugins/coupling/libstrongswan-coupling.la +endif +endif + if USE_UCI SUBDIRS += plugins/uci if MONOLITHIC diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in index ab3f3b670..70385f306 100644 --- a/src/libcharon/Makefile.in +++ b/src/libcharon/Makefile.in 
@@ -69,95 +69,74 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_EAP_SIM_TRUE@am__append_24 = plugins/eap_sim/libstrongswan-eap-sim.la @USE_EAP_SIM_FILE_TRUE@am__append_25 = plugins/eap_sim_file @MONOLITHIC_TRUE@@USE_EAP_SIM_FILE_TRUE@am__append_26 = plugins/eap_sim_file/libstrongswan-eap-sim-file.la -@USE_EAP_SIMAKA_SQL_TRUE@am__append_27 = plugins/eap_simaka_sql -@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_SQL_TRUE@am__append_28 = plugins/eap_simaka_sql/libstrongswan-eap-simaka-sql.la -@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_29 = plugins/eap_simaka_pseudonym -@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_30 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la -@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_31 = plugins/eap_simaka_reauth -@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_32 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la -@USE_EAP_AKA_TRUE@am__append_33 = plugins/eap_aka -@MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_34 = plugins/eap_aka/libstrongswan-eap-aka.la -@USE_EAP_AKA_3GPP2_TRUE@am__append_35 = plugins/eap_aka_3gpp2 -@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_36 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la -@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_37 = $(top_builddir)/src/libsimaka/libsimaka.la -@USE_EAP_MD5_TRUE@am__append_38 = plugins/eap_md5 -@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_39 = plugins/eap_md5/libstrongswan-eap-md5.la -@USE_EAP_GTC_TRUE@am__append_40 = plugins/eap_gtc -@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_41 = plugins/eap_gtc/libstrongswan-eap-gtc.la -@USE_EAP_MSCHAPV2_TRUE@am__append_42 = plugins/eap_mschapv2 -@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_43 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la -@USE_EAP_RADIUS_TRUE@am__append_44 = plugins/eap_radius -@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_45 = plugins/eap_radius/libstrongswan-eap-radius.la -@USE_EAP_TLS_TRUE@am__append_46 = plugins/eap_tls 
-@MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE@am__append_47 = plugins/eap_tls/libstrongswan-eap-tls.la -@USE_EAP_TTLS_TRUE@am__append_48 = plugins/eap_ttls -@MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE@am__append_49 = plugins/eap_ttls/libstrongswan-eap-ttls.la -@USE_EAP_TNC_TRUE@am__append_50 = plugins/eap_tnc -@MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_51 = plugins/eap_tnc/libstrongswan-eap-tnc.la -@MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_52 = $(top_builddir)/src/libtls/libtls.la -@USE_TNC_IMC_TRUE@am__append_53 = plugins/tnc_imc -<<<<<<< HEAD -@MONOLITHIC_TRUE@@USE_TNC_IMC_TRUE@am__append_54 = plugins/tnc_imc/libstrongswan-tnc_imc.la -@USE_TNC_IMV_TRUE@am__append_55 = plugins/tnc_imv -@MONOLITHIC_TRUE@@USE_TNC_IMV_TRUE@am__append_56 = plugins/tnc_imv/libstrongswan-tnc_imv.la -======= -@MONOLITHIC_TRUE@@USE_TNC_IMC_TRUE@am__append_54 = plugins/tnc_imc/libstrongswan-tnc-imc.la -@USE_TNC_IMV_TRUE@am__append_55 = plugins/tnc_imv -@MONOLITHIC_TRUE@@USE_TNC_IMV_TRUE@am__append_56 = plugins/tnc_imv/libstrongswan-tnc-imv.la ->>>>>>> upstream/4.5.1 -@USE_TNCCS_11_TRUE@am__append_57 = plugins/tnccs_11 -@MONOLITHIC_TRUE@@USE_TNCCS_11_TRUE@am__append_58 = plugins/tnccs_11/libstrongswan-tnccs-11.la -@USE_TNCCS_20_TRUE@am__append_59 = plugins/tnccs_20 -@MONOLITHIC_TRUE@@USE_TNCCS_20_TRUE@am__append_60 = plugins/tnccs_20/libstrongswan-tnccs-20.la -<<<<<<< HEAD -@USE_MEDSRV_TRUE@am__append_61 = plugins/medsrv -@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_62 = plugins/medsrv/libstrongswan-medsrv.la -@USE_MEDCLI_TRUE@am__append_63 = plugins/medcli -@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_64 = plugins/medcli/libstrongswan-medcli.la -@USE_NM_TRUE@am__append_65 = plugins/nm -@MONOLITHIC_TRUE@@USE_NM_TRUE@am__append_66 = plugins/nm/libstrongswan-nm.la -@USE_DHCP_TRUE@am__append_67 = plugins/dhcp -@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_68 = plugins/dhcp/libstrongswan-dhcp.la -@USE_ANDROID_TRUE@am__append_69 = plugins/android -@MONOLITHIC_TRUE@@USE_ANDROID_TRUE@am__append_70 = 
plugins/android/libstrongswan-android.la -@USE_MAEMO_TRUE@am__append_71 = plugins/maemo -@MONOLITHIC_TRUE@@USE_MAEMO_TRUE@am__append_72 = plugins/maemo/libstrongswan-maemo.la -@USE_HA_TRUE@am__append_73 = plugins/ha -@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_74 = plugins/ha/libstrongswan-ha.la -@USE_LED_TRUE@am__append_75 = plugins/led -@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_76 = plugins/led/libstrongswan-led.la -@USE_UCI_TRUE@am__append_77 = plugins/uci -@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_78 = plugins/uci/libstrongswan-uci.la -@USE_ADDRBLOCK_TRUE@am__append_79 = plugins/addrblock -@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_80 = plugins/uci/libstrongswan-addrblock.la -@USE_UNIT_TESTS_TRUE@am__append_81 = plugins/unit_tester -@MONOLITHIC_TRUE@@USE_UNIT_TESTS_TRUE@am__append_82 = plugins/unit_tester/libstrongswan-unit-tester.la -======= -@USE_TNCCS_DYNAMIC_TRUE@am__append_61 = plugins/tnccs_dynamic -@MONOLITHIC_TRUE@@USE_TNCCS_DYNAMIC_TRUE@am__append_62 = plugins/tnccs_dynamic/libstrongswan-tnccs-dynamic.la -@USE_MEDSRV_TRUE@am__append_63 = plugins/medsrv -@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_64 = plugins/medsrv/libstrongswan-medsrv.la -@USE_MEDCLI_TRUE@am__append_65 = plugins/medcli -@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_66 = plugins/medcli/libstrongswan-medcli.la -@USE_NM_TRUE@am__append_67 = plugins/nm -@MONOLITHIC_TRUE@@USE_NM_TRUE@am__append_68 = plugins/nm/libstrongswan-nm.la -@USE_DHCP_TRUE@am__append_69 = plugins/dhcp -@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_70 = plugins/dhcp/libstrongswan-dhcp.la -@USE_ANDROID_TRUE@am__append_71 = plugins/android -@MONOLITHIC_TRUE@@USE_ANDROID_TRUE@am__append_72 = plugins/android/libstrongswan-android.la -@USE_MAEMO_TRUE@am__append_73 = plugins/maemo -@MONOLITHIC_TRUE@@USE_MAEMO_TRUE@am__append_74 = plugins/maemo/libstrongswan-maemo.la -@USE_HA_TRUE@am__append_75 = plugins/ha -@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_76 = plugins/ha/libstrongswan-ha.la -@USE_LED_TRUE@am__append_77 = 
plugins/led -@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_78 = plugins/led/libstrongswan-led.la -@USE_UCI_TRUE@am__append_79 = plugins/uci -@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_80 = plugins/uci/libstrongswan-uci.la -@USE_ADDRBLOCK_TRUE@am__append_81 = plugins/addrblock -@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_82 = plugins/uci/libstrongswan-addrblock.la -@USE_UNIT_TESTS_TRUE@am__append_83 = plugins/unit_tester -@MONOLITHIC_TRUE@@USE_UNIT_TESTS_TRUE@am__append_84 = plugins/unit_tester/libstrongswan-unit-tester.la ->>>>>>> upstream/4.5.1 +@USE_EAP_SIM_PCSC_TRUE@am__append_27 = plugins/eap_sim_pcsc +@MONOLITHIC_TRUE@@USE_EAP_SIM_PCSC_TRUE@am__append_28 = plugins/eap_sim_pcsc/libstrongswan-eap-sim-pcsc.la +@USE_EAP_SIMAKA_SQL_TRUE@am__append_29 = plugins/eap_simaka_sql +@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_SQL_TRUE@am__append_30 = plugins/eap_simaka_sql/libstrongswan-eap-simaka-sql.la +@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_31 = plugins/eap_simaka_pseudonym +@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_32 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la +@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_33 = plugins/eap_simaka_reauth +@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_34 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la +@USE_EAP_AKA_TRUE@am__append_35 = plugins/eap_aka +@MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_36 = plugins/eap_aka/libstrongswan-eap-aka.la +@USE_EAP_AKA_3GPP2_TRUE@am__append_37 = plugins/eap_aka_3gpp2 +@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_38 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la +@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_39 = $(top_builddir)/src/libsimaka/libsimaka.la +@USE_EAP_MD5_TRUE@am__append_40 = plugins/eap_md5 +@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_41 = plugins/eap_md5/libstrongswan-eap-md5.la +@USE_EAP_GTC_TRUE@am__append_42 = plugins/eap_gtc +@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_43 = 
plugins/eap_gtc/libstrongswan-eap-gtc.la +@USE_EAP_MSCHAPV2_TRUE@am__append_44 = plugins/eap_mschapv2 +@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_45 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la +@USE_EAP_RADIUS_TRUE@am__append_46 = plugins/eap_radius +@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_47 = plugins/eap_radius/libstrongswan-eap-radius.la +@USE_EAP_TLS_TRUE@am__append_48 = plugins/eap_tls +@MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE@am__append_49 = plugins/eap_tls/libstrongswan-eap-tls.la +@USE_EAP_TTLS_TRUE@am__append_50 = plugins/eap_ttls +@MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE@am__append_51 = plugins/eap_ttls/libstrongswan-eap-ttls.la +@USE_EAP_PEAP_TRUE@am__append_52 = plugins/eap_peap +@MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE@am__append_53 = plugins/eap_peap/libstrongswan-eap-peap.la +@USE_EAP_TNC_TRUE@am__append_54 = plugins/eap_tnc +@MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_55 = plugins/eap_tnc/libstrongswan-eap-tnc.la +@MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_56 = $(top_builddir)/src/libtls/libtls.la +@USE_TNC_IMC_TRUE@am__append_57 = plugins/tnc_imc +@MONOLITHIC_TRUE@@USE_TNC_IMC_TRUE@am__append_58 = plugins/tnc_imc/libstrongswan-tnc-imc.la +@USE_TNC_IMV_TRUE@am__append_59 = plugins/tnc_imv +@MONOLITHIC_TRUE@@USE_TNC_IMV_TRUE@am__append_60 = plugins/tnc_imv/libstrongswan-tnc-imv.la +@USE_TNCCS_11_TRUE@am__append_61 = plugins/tnccs_11 +@MONOLITHIC_TRUE@@USE_TNCCS_11_TRUE@am__append_62 = plugins/tnccs_11/libstrongswan-tnccs-11.la +@USE_TNCCS_20_TRUE@am__append_63 = plugins/tnccs_20 +@MONOLITHIC_TRUE@@USE_TNCCS_20_TRUE@am__append_64 = plugins/tnccs_20/libstrongswan-tnccs-20.la +@USE_TNCCS_DYNAMIC_TRUE@am__append_65 = plugins/tnccs_dynamic +@MONOLITHIC_TRUE@@USE_TNCCS_DYNAMIC_TRUE@am__append_66 = plugins/tnccs_dynamic/libstrongswan-tnccs-dynamic.la +@USE_MEDSRV_TRUE@am__append_67 = plugins/medsrv +@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_68 = plugins/medsrv/libstrongswan-medsrv.la +@USE_MEDCLI_TRUE@am__append_69 = plugins/medcli 
+@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_70 = plugins/medcli/libstrongswan-medcli.la +@USE_NM_TRUE@am__append_71 = plugins/nm +@MONOLITHIC_TRUE@@USE_NM_TRUE@am__append_72 = plugins/nm/libstrongswan-nm.la +@USE_DHCP_TRUE@am__append_73 = plugins/dhcp +@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_74 = plugins/dhcp/libstrongswan-dhcp.la +@USE_ANDROID_TRUE@am__append_75 = plugins/android +@MONOLITHIC_TRUE@@USE_ANDROID_TRUE@am__append_76 = plugins/android/libstrongswan-android.la +@USE_MAEMO_TRUE@am__append_77 = plugins/maemo +@MONOLITHIC_TRUE@@USE_MAEMO_TRUE@am__append_78 = plugins/maemo/libstrongswan-maemo.la +@USE_HA_TRUE@am__append_79 = plugins/ha +@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_80 = plugins/ha/libstrongswan-ha.la +@USE_WHITELIST_TRUE@am__append_81 = plugins/whitelist +@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_82 = plugins/whitelist/libstrongswan-whitelist.la +@USE_LED_TRUE@am__append_83 = plugins/led +@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_84 = plugins/led/libstrongswan-led.la +@USE_DUPLICHECK_TRUE@am__append_85 = plugins/duplicheck +@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_86 = plugins/duplicheck/libstrongswan-duplicheck.la +@USE_COUPLING_TRUE@am__append_87 = plugins/coupling +@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_88 = plugins/coupling/libstrongswan-coupling.la +@USE_UCI_TRUE@am__append_89 = plugins/uci +@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_90 = plugins/uci/libstrongswan-uci.la +@USE_ADDRBLOCK_TRUE@am__append_91 = plugins/addrblock +@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_92 = plugins/uci/libstrongswan-addrblock.la +@USE_UNIT_TESTS_TRUE@am__append_93 = plugins/unit_tester +@MONOLITHIC_TRUE@@USE_UNIT_TESTS_TRUE@am__append_94 = plugins/unit_tester/libstrongswan-unit-tester.la subdir = src/libcharon DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 
@@ -207,19 +186,16 @@ libcharon_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__append_20) $(am__append_22) $(am__append_24) \ $(am__append_26) $(am__append_28) $(am__append_30) \ $(am__append_32) $(am__append_34) $(am__append_36) \ - $(am__append_37) $(am__append_39) $(am__append_41) \ + $(am__append_38) $(am__append_39) $(am__append_41) \ $(am__append_43) $(am__append_45) $(am__append_47) \ - $(am__append_49) $(am__append_51) $(am__append_52) \ - $(am__append_54) $(am__append_56) $(am__append_58) \ + $(am__append_49) $(am__append_51) $(am__append_53) \ + $(am__append_55) $(am__append_56) $(am__append_58) \ $(am__append_60) $(am__append_62) $(am__append_64) \ $(am__append_66) $(am__append_68) $(am__append_70) \ $(am__append_72) $(am__append_74) $(am__append_76) \ -<<<<<<< HEAD - $(am__append_78) $(am__append_80) $(am__append_82) -======= $(am__append_78) $(am__append_80) $(am__append_82) \ - $(am__append_84) ->>>>>>> upstream/4.5.1 + $(am__append_84) $(am__append_86) $(am__append_88) \ + $(am__append_90) $(am__append_92) $(am__append_94) am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \ bus/listeners/listener.h bus/listeners/file_logger.c \ bus/listeners/file_logger.h bus/listeners/sys_logger.c \ @@ -289,14 +265,9 @@ am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \ processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \ processing/jobs/send_keepalive_job.c \ processing/jobs/send_keepalive_job.h \ -<<<<<<< HEAD - processing/jobs/roam_job.c processing/jobs/roam_job.h \ - processing/jobs/update_sa_job.c \ -======= processing/jobs/start_action_job.c \ processing/jobs/start_action_job.h processing/jobs/roam_job.c \ processing/jobs/roam_job.h processing/jobs/update_sa_job.c \ ->>>>>>> upstream/4.5.1 processing/jobs/update_sa_job.h \ processing/jobs/inactivity_job.c \ processing/jobs/inactivity_job.h \ 
@@ -310,6 +281,9 @@ am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \ sa/authenticators/eap/eap_manager.h \ sa/authenticators/eap/sim_manager.c \ sa/authenticators/eap/sim_manager.h \ + sa/authenticators/eap/sim_card.h \ + sa/authenticators/eap/sim_provider.h \ + sa/authenticators/eap/sim_hooks.h \ sa/authenticators/psk_authenticator.c \ sa/authenticators/psk_authenticator.h \ sa/authenticators/pubkey_authenticator.c \ @@ -332,17 +306,12 @@ am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \ sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \ sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \ sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \ -<<<<<<< HEAD - tnccs/tnccs.c tnccs/tnccs.h tnccs/tnccs_manager.h \ - tnccs/tnccs_manager.c encoding/payloads/endpoint_notify.c \ -======= tnc/tncif.h tnc/tncifimc.h tnc/tncifimv.h tnc/tncifimv.c \ tnc/imc/imc.h tnc/imc/imc_manager.h tnc/imv/imv.h \ tnc/imv/imv_manager.h tnc/imv/imv_recommendations.c \ tnc/imv/imv_recommendations.h tnc/tnccs/tnccs.c \ tnc/tnccs/tnccs.h tnc/tnccs/tnccs_manager.c \ tnc/tnccs/tnccs_manager.h encoding/payloads/endpoint_notify.c \ ->>>>>>> upstream/4.5.1 encoding/payloads/endpoint_notify.h \ processing/jobs/initiate_mediation_job.c \ processing/jobs/initiate_mediation_job.h \ 
@@ -368,18 +337,6 @@ am_libcharon_la_OBJECTS = bus.lo file_logger.lo sys_logger.lo \ acquire_job.lo delete_child_sa_job.lo delete_ike_sa_job.lo \ migrate_job.lo process_message_job.lo rekey_child_sa_job.lo \ rekey_ike_sa_job.lo retransmit_job.lo send_dpd_job.lo \ -<<<<<<< HEAD - send_keepalive_job.lo roam_job.lo update_sa_job.lo \ - inactivity_job.lo authenticator.lo eap_authenticator.lo \ - eap_method.lo eap_manager.lo sim_manager.lo \ - psk_authenticator.lo pubkey_authenticator.lo child_sa.lo \ - ike_sa.lo ike_sa_id.lo ike_sa_manager.lo task_manager.lo \ - keymat.lo trap_manager.lo child_create.lo child_delete.lo \ - child_rekey.lo ike_auth.lo ike_cert_pre.lo ike_cert_post.lo \ - ike_config.lo ike_delete.lo ike_dpd.lo ike_init.lo ike_natd.lo \ - ike_mobike.lo ike_rekey.lo ike_reauth.lo ike_auth_lifetime.lo \ - ike_vendor.lo task.lo tnccs.lo tnccs_manager.lo \ -======= send_keepalive_job.lo start_action_job.lo roam_job.lo \ update_sa_job.lo inactivity_job.lo authenticator.lo \ eap_authenticator.lo eap_method.lo eap_manager.lo \ @@ -391,7 +348,6 @@ am_libcharon_la_OBJECTS = bus.lo file_logger.lo sys_logger.lo \ ike_init.lo ike_natd.lo ike_mobike.lo ike_rekey.lo \ ike_reauth.lo ike_auth_lifetime.lo ike_vendor.lo task.lo \ tncifimv.lo imv_recommendations.lo tnccs.lo tnccs_manager.lo \ ->>>>>>> upstream/4.5.1 $(am__objects_1) libcharon_la_OBJECTS = $(am_libcharon_la_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ 
@@ -427,21 +383,17 @@ DIST_SUBDIRS = . plugins/load_tester plugins/socket_default \ plugins/socket_raw plugins/socket_dynamic plugins/farp \ plugins/stroke plugins/smp plugins/sql plugins/updown \ plugins/eap_identity plugins/eap_sim plugins/eap_sim_file \ - plugins/eap_simaka_sql plugins/eap_simaka_pseudonym \ - plugins/eap_simaka_reauth plugins/eap_aka \ - plugins/eap_aka_3gpp2 plugins/eap_md5 plugins/eap_gtc \ - plugins/eap_mschapv2 plugins/eap_radius plugins/eap_tls \ - plugins/eap_ttls plugins/eap_tnc plugins/tnc_imc \ - plugins/tnc_imv plugins/tnccs_11 plugins/tnccs_20 \ -<<<<<<< HEAD + plugins/eap_sim_pcsc plugins/eap_simaka_sql \ + plugins/eap_simaka_pseudonym plugins/eap_simaka_reauth \ + plugins/eap_aka plugins/eap_aka_3gpp2 plugins/eap_md5 \ + plugins/eap_gtc plugins/eap_mschapv2 plugins/eap_radius \ + plugins/eap_tls plugins/eap_ttls plugins/eap_peap \ + plugins/eap_tnc plugins/tnc_imc plugins/tnc_imv \ + plugins/tnccs_11 plugins/tnccs_20 plugins/tnccs_dynamic \ plugins/medsrv plugins/medcli plugins/nm plugins/dhcp \ - plugins/android plugins/maemo plugins/ha plugins/led \ - plugins/uci plugins/addrblock plugins/unit_tester -======= - plugins/tnccs_dynamic plugins/medsrv plugins/medcli plugins/nm \ - plugins/dhcp plugins/android plugins/maemo plugins/ha \ - plugins/led plugins/uci plugins/addrblock plugins/unit_tester ->>>>>>> upstream/4.5.1 + plugins/android plugins/maemo plugins/ha plugins/whitelist \ + plugins/led plugins/duplicheck plugins/coupling plugins/uci \ + plugins/addrblock plugins/unit_tester DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -587,13 +539,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -614,6 +560,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -632,14 +580,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -717,14 +663,9 @@ libcharon_la_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \ processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \ processing/jobs/send_keepalive_job.c \ processing/jobs/send_keepalive_job.h \ -<<<<<<< HEAD - processing/jobs/roam_job.c processing/jobs/roam_job.h \ - processing/jobs/update_sa_job.c \ -======= processing/jobs/start_action_job.c \ processing/jobs/start_action_job.h processing/jobs/roam_job.c \ processing/jobs/roam_job.h processing/jobs/update_sa_job.c \ ->>>>>>> upstream/4.5.1 processing/jobs/update_sa_job.h \ processing/jobs/inactivity_job.c \ processing/jobs/inactivity_job.h \ @@ -738,6 +679,9 @@ libcharon_la_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \ sa/authenticators/eap/eap_manager.h \ sa/authenticators/eap/sim_manager.c \ sa/authenticators/eap/sim_manager.h \ + sa/authenticators/eap/sim_card.h \ + sa/authenticators/eap/sim_provider.h \ + sa/authenticators/eap/sim_hooks.h \ sa/authenticators/psk_authenticator.c \ sa/authenticators/psk_authenticator.h \ sa/authenticators/pubkey_authenticator.c \ 
@@ -760,17 +704,12 @@ libcharon_la_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \ sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \ sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \ sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \ -<<<<<<< HEAD - tnccs/tnccs.c tnccs/tnccs.h tnccs/tnccs_manager.h \ - tnccs/tnccs_manager.c $(am__append_1) -======= tnc/tncif.h tnc/tncifimc.h tnc/tncifimv.h tnc/tncifimv.c \ tnc/imc/imc.h tnc/imc/imc_manager.h tnc/imv/imv.h \ tnc/imv/imv_manager.h tnc/imv/imv_recommendations.c \ tnc/imv/imv_recommendations.h tnc/tnccs/tnccs.c \ tnc/tnccs/tnccs.h tnc/tnccs/tnccs_manager.c \ tnc/tnccs/tnccs_manager.h $(am__append_1) ->>>>>>> upstream/4.5.1 INCLUDES = \ -I${linux_headers} \ -I$(top_srcdir)/src/libstrongswan \ @@ -789,19 +728,16 @@ libcharon_la_LIBADD = -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB) \ $(am__append_20) $(am__append_22) $(am__append_24) \ $(am__append_26) $(am__append_28) $(am__append_30) \ $(am__append_32) $(am__append_34) $(am__append_36) \ - $(am__append_37) $(am__append_39) $(am__append_41) \ + $(am__append_38) $(am__append_39) $(am__append_41) \ $(am__append_43) $(am__append_45) $(am__append_47) \ - $(am__append_49) $(am__append_51) $(am__append_52) \ - $(am__append_54) $(am__append_56) $(am__append_58) \ + $(am__append_49) $(am__append_51) $(am__append_53) \ + $(am__append_55) $(am__append_56) $(am__append_58) \ $(am__append_60) $(am__append_62) $(am__append_64) \ $(am__append_66) $(am__append_68) $(am__append_70) \ $(am__append_72) $(am__append_74) $(am__append_76) \ -<<<<<<< HEAD - $(am__append_78) $(am__append_80) $(am__append_82) -======= $(am__append_78) $(am__append_80) $(am__append_82) \ - $(am__append_84) ->>>>>>> upstream/4.5.1 + $(am__append_84) $(am__append_86) $(am__append_88) \ + $(am__append_90) $(am__append_92) $(am__append_94) EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@SUBDIRS = . $(am__append_3) $(am__append_5) \ @MONOLITHIC_FALSE@ $(am__append_7) $(am__append_9) \ 
@@ -811,22 +747,21 @@ EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@ $(am__append_23) $(am__append_25) \ @MONOLITHIC_FALSE@ $(am__append_27) $(am__append_29) \ @MONOLITHIC_FALSE@ $(am__append_31) $(am__append_33) \ -@MONOLITHIC_FALSE@ $(am__append_35) $(am__append_38) \ +@MONOLITHIC_FALSE@ $(am__append_35) $(am__append_37) \ @MONOLITHIC_FALSE@ $(am__append_40) $(am__append_42) \ @MONOLITHIC_FALSE@ $(am__append_44) $(am__append_46) \ @MONOLITHIC_FALSE@ $(am__append_48) $(am__append_50) \ -@MONOLITHIC_FALSE@ $(am__append_53) $(am__append_55) \ +@MONOLITHIC_FALSE@ $(am__append_52) $(am__append_54) \ @MONOLITHIC_FALSE@ $(am__append_57) $(am__append_59) \ @MONOLITHIC_FALSE@ $(am__append_61) $(am__append_63) \ @MONOLITHIC_FALSE@ $(am__append_65) $(am__append_67) \ @MONOLITHIC_FALSE@ $(am__append_69) $(am__append_71) \ @MONOLITHIC_FALSE@ $(am__append_73) $(am__append_75) \ @MONOLITHIC_FALSE@ $(am__append_77) $(am__append_79) \ -<<<<<<< HEAD -@MONOLITHIC_FALSE@ $(am__append_81) -======= -@MONOLITHIC_FALSE@ $(am__append_81) $(am__append_83) ->>>>>>> upstream/4.5.1 +@MONOLITHIC_FALSE@ $(am__append_81) $(am__append_83) \ +@MONOLITHIC_FALSE@ $(am__append_85) $(am__append_87) \ +@MONOLITHIC_FALSE@ $(am__append_89) $(am__append_91) \ +@MONOLITHIC_FALSE@ $(am__append_93) # build optional plugins ######################## 
@@ -838,22 +773,21 @@ EXTRA_DIST = Android.mk @MONOLITHIC_TRUE@ $(am__append_23) $(am__append_25) \ @MONOLITHIC_TRUE@ $(am__append_27) $(am__append_29) \ @MONOLITHIC_TRUE@ $(am__append_31) $(am__append_33) \ -@MONOLITHIC_TRUE@ $(am__append_35) $(am__append_38) \ +@MONOLITHIC_TRUE@ $(am__append_35) $(am__append_37) \ @MONOLITHIC_TRUE@ $(am__append_40) $(am__append_42) \ @MONOLITHIC_TRUE@ $(am__append_44) $(am__append_46) \ @MONOLITHIC_TRUE@ $(am__append_48) $(am__append_50) \ -@MONOLITHIC_TRUE@ $(am__append_53) $(am__append_55) \ +@MONOLITHIC_TRUE@ $(am__append_52) $(am__append_54) \ @MONOLITHIC_TRUE@ $(am__append_57) $(am__append_59) \ @MONOLITHIC_TRUE@ $(am__append_61) $(am__append_63) \ @MONOLITHIC_TRUE@ $(am__append_65) $(am__append_67) \ @MONOLITHIC_TRUE@ $(am__append_69) $(am__append_71) \ @MONOLITHIC_TRUE@ $(am__append_73) $(am__append_75) \ @MONOLITHIC_TRUE@ $(am__append_77) $(am__append_79) \ -<<<<<<< HEAD -@MONOLITHIC_TRUE@ $(am__append_81) -======= -@MONOLITHIC_TRUE@ $(am__append_81) $(am__append_83) ->>>>>>> upstream/4.5.1 +@MONOLITHIC_TRUE@ $(am__append_81) $(am__append_83) \ +@MONOLITHIC_TRUE@ $(am__append_85) $(am__append_87) \ +@MONOLITHIC_TRUE@ $(am__append_89) $(am__append_91) \ +@MONOLITHIC_TRUE@ $(am__append_93) all: all-recursive .SUFFIXES: @@ -977,10 +911,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_id.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_manager.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_vendor.Plo@am__quote@ -<<<<<<< HEAD -======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_recommendations.Plo@am__quote@ ->>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/inactivity_job.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initiate_mediation_job.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ke_payload.Plo@am__quote@ 
@@ -1012,19 +943,13 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sender.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sim_manager.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_manager.Plo@am__quote@ -<<<<<<< HEAD -======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/start_action_job.Plo@am__quote@ ->>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sys_logger.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task_manager.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_manager.Plo@am__quote@ -<<<<<<< HEAD -======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tncifimv.Plo@am__quote@ ->>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/traffic_selector_substructure.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_attribute.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_substructure.Plo@am__quote@ 
@@ -1405,8 +1330,6 @@ send_keepalive_job.lo: processing/jobs/send_keepalive_job.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.lo `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c -<<<<<<< HEAD -======= start_action_job.lo: processing/jobs/start_action_job.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT start_action_job.lo -MD -MP -MF $(DEPDIR)/start_action_job.Tpo -c -o start_action_job.lo `test -f 'processing/jobs/start_action_job.c' || echo '$(srcdir)/'`processing/jobs/start_action_job.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/start_action_job.Tpo $(DEPDIR)/start_action_job.Plo 
@@ -1414,7 +1337,6 @@ start_action_job.lo: processing/jobs/start_action_job.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o start_action_job.lo `test -f 'processing/jobs/start_action_job.c' || echo '$(srcdir)/'`processing/jobs/start_action_job.c ->>>>>>> upstream/4.5.1 roam_job.lo: processing/jobs/roam_job.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT roam_job.lo -MD -MP -MF $(DEPDIR)/roam_job.Tpo -c -o roam_job.lo `test -f 'processing/jobs/roam_job.c' || echo '$(srcdir)/'`processing/jobs/roam_job.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/roam_job.Tpo $(DEPDIR)/roam_job.Plo 
@@ -1653,21 +1575,6 @@ task.lo: sa/tasks/task.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.lo `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c -<<<<<<< HEAD -tnccs.lo: tnccs/tnccs.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tnccs.lo -MD -MP -MF $(DEPDIR)/tnccs.Tpo -c -o tnccs.lo `test -f 'tnccs/tnccs.c' || echo '$(srcdir)/'`tnccs/tnccs.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tnccs.Tpo $(DEPDIR)/tnccs.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tnccs/tnccs.c' object='tnccs.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tnccs.lo `test -f 'tnccs/tnccs.c' || echo '$(srcdir)/'`tnccs/tnccs.c - -tnccs_manager.lo: tnccs/tnccs_manager.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tnccs_manager.lo -MD -MP -MF $(DEPDIR)/tnccs_manager.Tpo -c -o tnccs_manager.lo `test -f 'tnccs/tnccs_manager.c' || echo '$(srcdir)/'`tnccs/tnccs_manager.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tnccs_manager.Tpo $(DEPDIR)/tnccs_manager.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tnccs/tnccs_manager.c' object='tnccs_manager.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tnccs_manager.lo `test -f 'tnccs/tnccs_manager.c' || echo '$(srcdir)/'`tnccs/tnccs_manager.c -======= tncifimv.lo: tnc/tncifimv.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tncifimv.lo -MD -MP -MF $(DEPDIR)/tncifimv.Tpo -c -o tncifimv.lo `test -f 'tnc/tncifimv.c' || echo '$(srcdir)/'`tnc/tncifimv.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tncifimv.Tpo $(DEPDIR)/tncifimv.Plo @@ -1695,7 +1602,6 @@ tnccs_manager.lo: tnc/tnccs/tnccs_manager.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tnc/tnccs/tnccs_manager.c' object='tnccs_manager.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tnccs_manager.lo `test -f 'tnc/tnccs/tnccs_manager.c' || echo '$(srcdir)/'`tnc/tnccs/tnccs_manager.c ->>>>>>> upstream/4.5.1 endpoint_notify.lo: encoding/payloads/endpoint_notify.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT endpoint_notify.lo -MD -MP -MF $(DEPDIR)/endpoint_notify.Tpo -c -o endpoint_notify.lo `test -f 'encoding/payloads/endpoint_notify.c' || echo '$(srcdir)/'`encoding/payloads/endpoint_notify.c diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c index 9abc07598..23931c47d 100644 --- a/src/libcharon/bus/bus.c +++ b/src/libcharon/bus/bus.c 
@@ -227,20 +227,13 @@ static bool log_cb(entry_t *entry, log_data_t *data) { entry->blocker = FALSE; entry->condvar->signal(entry->condvar); -<<<<<<< HEAD -======= entry->calling--; ->>>>>>> upstream/4.5.1 } else { entry_destroy(entry); } va_end(args); -<<<<<<< HEAD - entry->calling--; -======= ->>>>>>> upstream/4.5.1 return TRUE; } va_end(args); diff --git a/src/libcharon/bus/listeners/file_logger.c b/src/libcharon/bus/listeners/file_logger.c index 157436a7d..36d18619a 100644 --- a/src/libcharon/bus/listeners/file_logger.c +++ b/src/libcharon/bus/listeners/file_logger.c @@ -53,11 +53,9 @@ struct private_file_logger_t { bool ike_name; }; -/** - * Implementation of bus_listener_t.log. - */ -static bool log_(private_file_logger_t *this, debug_t group, level_t level, - int thread, ike_sa_t* ike_sa, char *format, va_list args) +METHOD(listener_t, log_, bool, + private_file_logger_t *this, debug_t group, level_t level, int thread, + ike_sa_t* ike_sa, char *format, va_list args) { if (level <= this->levels[group]) { @@ -118,10 +116,8 @@ static bool log_(private_file_logger_t *this, debug_t group, level_t level, return TRUE; } -/** - * Implementation of file_logger_t.set_level. - */ -static void set_level(private_file_logger_t *this, debug_t group, level_t level) +METHOD(file_logger_t, set_level, void, + private_file_logger_t *this, debug_t group, level_t level) { if (group < DBG_ANY) { @@ -136,10 +132,8 @@ static void set_level(private_file_logger_t *this, debug_t group, level_t level) } } -/** - * Implementation of file_logger_t.destroy. - */ -static void destroy(private_file_logger_t *this) +METHOD(file_logger_t, destroy, void, + private_file_logger_t *this) { if (this->out != stdout && this->out != stderr) { 
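Review bot: In log_cb (src/libcharon/bus/bus.c), the `entry->calling--` that now sits inside the blocker branch has no comment saying why it must not follow the if/else. The reason is memory safety: the else branch calls `entry_destroy(entry)`, so a decrement placed after the branches would touch an entry that has presumably been freed. I would add `/* only on the blocker path: the else branch destroys entry */` above the decrement so a later merge does not move it back. The function starts and ends outside the hunk, so whether `calling` is updated under a lock cannot be confirmed from here.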
@@ -153,18 +147,21 @@ static void destroy(private_file_logger_t *this) */ file_logger_t *file_logger_create(FILE *out, char *time_format, bool ike_name) { - private_file_logger_t *this = malloc_thing(private_file_logger_t); - - /* public functions */ - memset(&this->public.listener, 0, sizeof(listener_t)); - this->public.listener.log = (bool(*)(listener_t*,debug_t,level_t,int,ike_sa_t*,char*,va_list))log_; - this->public.set_level = (void(*)(file_logger_t*,debug_t,level_t))set_level; - this->public.destroy = (void(*)(file_logger_t*))destroy; - - /* private variables */ - this->out = out; - this->time_format = time_format; - this->ike_name = ike_name; + private_file_logger_t *this; + + INIT(this, + .public = { + .listener = { + .log = _log_, + }, + .set_level = _set_level, + .destroy = _destroy, + }, + .out = out, + .time_format = time_format, + .ike_name = ike_name, + ); + set_level(this, DBG_ANY, LEVEL_SILENT); return &this->public; diff --git a/src/libcharon/bus/listeners/sys_logger.c b/src/libcharon/bus/listeners/sys_logger.c index fa394ba88..c29c9f2e4 100644 --- a/src/libcharon/bus/listeners/sys_logger.c +++ b/src/libcharon/bus/listeners/sys_logger.c @@ -48,19 +48,19 @@ struct private_sys_logger_t { bool ike_name; }; -/** - * Implementation of listener_t.log. - */ -static bool log_(private_sys_logger_t *this, debug_t group, level_t level, - int thread, ike_sa_t* ike_sa, char *format, va_list args) +METHOD(listener_t, log_, bool, + private_sys_logger_t *this, debug_t group, level_t level, int thread, + ike_sa_t* ike_sa, char *format, va_list args) { if (level <= this->levels[group]) { - char buffer[8192], namestr[128] = ""; + char buffer[8192], groupstr[4], namestr[128] = ""; char *current = buffer, *next; /* write in memory buffer first */ vsnprintf(buffer, sizeof(buffer), format, args); + /* cache group name */ + snprintf(groupstr, sizeof(groupstr), "%N", debug_names, group); if (this->ike_name && ike_sa) { 
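Review bot: In log_ of src/libcharon/bus/listeners/sys_logger.c, `char groupstr[4]` holds three characters plus the terminator, so `snprintf(groupstr, sizeof(groupstr), "%N", debug_names, group)` silently truncates any longer group name. Nothing on the declaration ties the size to the length of the debug_names entries. The `/* cache group name */` comment also does not say why the name is formatted up front; presumably it is because syslog(), changed in the `@@ -84,8 +84,8 @@` hunk, cannot be relied on to understand `%N`. I would replace it with `/* debug_names entries are 3 chars; pre-format because syslog() does not handle %N */`, after confirming both assumptions. The function body continues outside the hunk.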
@@ -84,8 +84,8 @@ static bool log_(private_sys_logger_t *this, debug_t group, level_t level, { *(next++) = '\0'; } - syslog(this->facility|LOG_INFO, "%.2d[%N]%s %s\n", - thread, debug_names, group, namestr, current); + syslog(this->facility|LOG_INFO, "%.2d[%s]%s %s\n", + thread, groupstr, namestr, current); current = next; } } @@ -93,10 +93,8 @@ static bool log_(private_sys_logger_t *this, debug_t group, level_t level, return TRUE; } -/** - * Implementation of sys_logger_t.set_level. - */ -static void set_level(private_sys_logger_t *this, debug_t group, level_t level) +METHOD(sys_logger_t, set_level, void, + private_sys_logger_t *this, debug_t group, level_t level) { if (group < DBG_ANY) { @@ -111,10 +109,8 @@ static void set_level(private_sys_logger_t *this, debug_t group, level_t level) } } -/** - * Implementation of sys_logger_t.destroy. - */ -static void destroy(private_sys_logger_t *this) +METHOD(sys_logger_t, destroy, void, + private_sys_logger_t *this) { closelog(); free(this); @@ -125,17 +121,20 @@ static void destroy(private_sys_logger_t *this) */ sys_logger_t *sys_logger_create(int facility, bool ike_name) { - private_sys_logger_t *this = malloc_thing(private_sys_logger_t); - - /* public functions */ - memset(&this->public.listener, 0, sizeof(listener_t)); - this->public.listener.log = (bool(*)(listener_t*,debug_t,level_t,int,ike_sa_t*,char*,va_list))log_; - this->public.set_level = (void(*)(sys_logger_t*,debug_t,level_t))set_level; - this->public.destroy = (void(*)(sys_logger_t*))destroy; + private_sys_logger_t *this; + + INIT(this, + .public = { + .listener = { + .log = _log_, + }, + .set_level = _set_level, + .destroy = _destroy, + }, + .facility = facility, + .ike_name = ike_name, + ); - /* private variables */ - this->facility = facility; - this->ike_name = ike_name; set_level(this, DBG_ANY, LEVEL_SILENT); return &this->public; 
diff --git a/src/libcharon/config/backend_manager.c b/src/libcharon/config/backend_manager.c index 93635ca15..e78cb702d 100644 --- a/src/libcharon/config/backend_manager.c +++ b/src/libcharon/config/backend_manager.c @@ -96,14 +96,11 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other) { match += MATCH_ANY; } -<<<<<<< HEAD -======= else { me_cand->destroy(me_cand); return MATCH_NONE; } ->>>>>>> upstream/4.5.1 me_cand->destroy(me_cand); } else @@ -127,14 +124,11 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other) { match += MATCH_ANY; } -<<<<<<< HEAD -======= else { other_cand->destroy(other_cand); return MATCH_NONE; } ->>>>>>> upstream/4.5.1 other_cand->destroy(other_cand); } else @@ -144,16 +138,8 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other) return match; } -<<<<<<< HEAD -/** - * implements backend_manager_t.get_ike_cfg. - */ -static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this, - host_t *me, host_t *other) -======= METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*, private_backend_manager_t *this, host_t *me, host_t *other) ->>>>>>> upstream/4.5.1 { ike_cfg_t *current, *found = NULL; enumerator_t *enumerator; @@ -329,18 +315,9 @@ static void insert_sorted(match_entry_t *entry, linked_list_t *list, } } -<<<<<<< HEAD -/** - * Implements backend_manager_t.create_peer_cfg_enumerator. - */ -static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this, - host_t *me, host_t *other, identification_t *my_id, - identification_t *other_id) -======= METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*, private_backend_manager_t *this, host_t *me, host_t *other, identification_t *my_id, identification_t *other_id) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; peer_data_t *data; 
@@ -399,15 +376,8 @@ METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*, (void*)peer_enum_filter_destroy); } -<<<<<<< HEAD -/** - * implements backend_manager_t.get_peer_cfg_by_name. - */ -static peer_cfg_t *get_peer_cfg_by_name(private_backend_manager_t *this, char *name) -======= METHOD(backend_manager_t, get_peer_cfg_by_name, peer_cfg_t*, private_backend_manager_t *this, char *name) ->>>>>>> upstream/4.5.1 { backend_t *backend; peer_cfg_t *config = NULL; @@ -424,45 +394,24 @@ METHOD(backend_manager_t, get_peer_cfg_by_name, peer_cfg_t*, return config; } -<<<<<<< HEAD -/** - * Implementation of backend_manager_t.remove_backend. - */ -static void remove_backend(private_backend_manager_t *this, backend_t *backend) -======= METHOD(backend_manager_t, remove_backend, void, private_backend_manager_t *this, backend_t *backend) ->>>>>>> upstream/4.5.1 { this->lock->write_lock(this->lock); this->backends->remove(this->backends, backend, NULL); this->lock->unlock(this->lock); } -<<<<<<< HEAD -/** - * Implementation of backend_manager_t.add_backend. - */ -static void add_backend(private_backend_manager_t *this, backend_t *backend) -======= METHOD(backend_manager_t, add_backend, void, private_backend_manager_t *this, backend_t *backend) ->>>>>>> upstream/4.5.1 { this->lock->write_lock(this->lock); this->backends->insert_last(this->backends, backend); this->lock->unlock(this->lock); } -<<<<<<< HEAD -/** - * Implementation of backend_manager_t.destroy. - */ -static void destroy(private_backend_manager_t *this) -======= METHOD(backend_manager_t, destroy, void, private_backend_manager_t *this) ->>>>>>> upstream/4.5.1 { this->backends->destroy(this->backends); this->lock->destroy(this->lock); 
@@ -471,22 +420,6 @@ METHOD(backend_manager_t, destroy, void, /* * Described in header-file -<<<<<<< HEAD - */ -backend_manager_t *backend_manager_create() -{ - private_backend_manager_t *this = malloc_thing(private_backend_manager_t); - - this->public.get_ike_cfg = (ike_cfg_t* (*)(backend_manager_t*, host_t*, host_t*))get_ike_cfg; - this->public.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_manager_t*,char*))get_peer_cfg_by_name; - this->public.create_peer_cfg_enumerator = (enumerator_t* (*)(backend_manager_t*,host_t*,host_t*,identification_t*,identification_t*))create_peer_cfg_enumerator; - this->public.add_backend = (void(*)(backend_manager_t*, backend_t *backend))add_backend; - this->public.remove_backend = (void(*)(backend_manager_t*, backend_t *backend))remove_backend; - this->public.destroy = (void (*)(backend_manager_t*))destroy; - - this->backends = linked_list_create(); - this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); -======= */ backend_manager_t *backend_manager_create() @@ -505,7 +438,6 @@ backend_manager_t *backend_manager_create() .backends = linked_list_create(), .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index 6edceffd6..74949be3c 100644 --- a/src/libcharon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c @@ -80,14 +80,11 @@ struct private_child_cfg_t { ipsec_mode_t mode; /** -<<<<<<< HEAD -======= * action to take to start CHILD_SA */ action_t start_action; /** ->>>>>>> upstream/4.5.1 * action to take on DPD */ action_t dpd_action; @@ -126,15 +123,12 @@ struct private_child_cfg_t { * Optional mark to install outbound CHILD_SA with */ mark_t mark_out; -<<<<<<< HEAD -======= /** * Traffic Flow Confidentiality padding, if enabled */ u_int32_t tfc; ->>>>>>> upstream/4.5.1 /** * set up IPsec transport SA in MIPv6 proxy mode */ 
@@ -146,41 +140,20 @@ struct private_child_cfg_t { bool install_policy; }; -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.get_name. - */ -static char *get_name(private_child_cfg_t *this) -======= METHOD(child_cfg_t, get_name, char*, private_child_cfg_t *this) ->>>>>>> upstream/4.5.1 { return this->name; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.add_proposal. - */ -static void add_proposal(private_child_cfg_t *this, proposal_t *proposal) -======= METHOD(child_cfg_t, add_proposal, void, private_child_cfg_t *this, proposal_t *proposal) ->>>>>>> upstream/4.5.1 { this->proposals->insert_last(this->proposals, proposal); } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.get_proposals. - */ -static linked_list_t* get_proposals(private_child_cfg_t *this, bool strip_dh) -======= METHOD(child_cfg_t, get_proposals, linked_list_t*, private_child_cfg_t *this, bool strip_dh) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; proposal_t *current; @@ -201,18 +174,9 @@ METHOD(child_cfg_t, get_proposals, linked_list_t*, return proposals; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.select_proposal. - */ -static proposal_t* select_proposal(private_child_cfg_t*this, - linked_list_t *proposals, bool strip_dh, - bool private) -======= METHOD(child_cfg_t, select_proposal, proposal_t*, private_child_cfg_t*this, linked_list_t *proposals, bool strip_dh, bool private) ->>>>>>> upstream/4.5.1 { enumerator_t *stored_enum, *supplied_enum; proposal_t *stored, *supplied, *selected = NULL; @@ -257,16 +221,8 @@ METHOD(child_cfg_t, select_proposal, proposal_t*, return selected; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.add_traffic_selector. - */ -static void add_traffic_selector(private_child_cfg_t *this, bool local, - traffic_selector_t *ts) -======= METHOD(child_cfg_t, add_traffic_selector, void, private_child_cfg_t *this, bool local, traffic_selector_t *ts) ->>>>>>> upstream/4.5.1 { if (local) { 
@@ -278,17 +234,8 @@ METHOD(child_cfg_t, add_traffic_selector, void, } } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.get_traffic_selectors. - */ -static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool local, - linked_list_t *supplied, - host_t *host) -======= METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*, private_child_cfg_t *this, bool local, linked_list_t *supplied, host_t *host) ->>>>>>> upstream/4.5.1 { enumerator_t *e1, *e2; traffic_selector_t *ts1, *ts2, *selected; @@ -394,28 +341,14 @@ METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*, return result; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.get_updown. - */ -static char* get_updown(private_child_cfg_t *this) -======= METHOD(child_cfg_t, get_updown, char*, private_child_cfg_t *this) ->>>>>>> upstream/4.5.1 { return this->updown; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.get_hostaccess. - */ -static bool get_hostaccess(private_child_cfg_t *this) -======= METHOD(child_cfg_t, get_hostaccess, bool, private_child_cfg_t *this) ->>>>>>> upstream/4.5.1 { return this->hostaccess; } @@ -436,15 +369,8 @@ static u_int64_t apply_jitter(u_int64_t rekey, u_int64_t jitter) } #define APPLY_JITTER(l) l.rekey = apply_jitter(l.rekey, l.jitter) -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.get_lifetime. - */ -static lifetime_cfg_t *get_lifetime(private_child_cfg_t *this) -======= METHOD(child_cfg_t, get_lifetime, lifetime_cfg_t*, private_child_cfg_t *this) ->>>>>>> upstream/4.5.1 { lifetime_cfg_t *lft = malloc_thing(lifetime_cfg_t); memcpy(lft, &this->lifetime, sizeof(lifetime_cfg_t)); 
@@ -454,25 +380,12 @@ METHOD(child_cfg_t, get_lifetime, lifetime_cfg_t*, return lft; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.get_mode. - */ -static ipsec_mode_t get_mode(private_child_cfg_t *this) -======= METHOD(child_cfg_t, get_mode, ipsec_mode_t, private_child_cfg_t *this) ->>>>>>> upstream/4.5.1 { return this->mode; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.get_dpd_action. - */ -static action_t get_dpd_action(private_child_cfg_t *this) -======= METHOD(child_cfg_t, get_start_action, action_t, private_child_cfg_t *this) { @@ -481,33 +394,18 @@ METHOD(child_cfg_t, get_start_action, action_t, METHOD(child_cfg_t, get_dpd_action, action_t, private_child_cfg_t *this) ->>>>>>> upstream/4.5.1 { return this->dpd_action; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.get_close_action. - */ -static action_t get_close_action(private_child_cfg_t *this) -======= METHOD(child_cfg_t, get_close_action, action_t, private_child_cfg_t *this) ->>>>>>> upstream/4.5.1 { return this->close_action; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.get_dh_group. - */ -static diffie_hellman_group_t get_dh_group(private_child_cfg_t *this) -======= METHOD(child_cfg_t, get_dh_group, diffie_hellman_group_t, private_child_cfg_t *this) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; proposal_t *proposal; 
@@ -525,65 +423,30 @@ METHOD(child_cfg_t, get_dh_group, diffie_hellman_group_t, return dh_group; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.use_ipcomp. - */ -static bool use_ipcomp(private_child_cfg_t *this) -======= METHOD(child_cfg_t, use_ipcomp, bool, private_child_cfg_t *this) ->>>>>>> upstream/4.5.1 { return this->use_ipcomp; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.get_inactivity. - */ -static u_int32_t get_inactivity(private_child_cfg_t *this) -======= METHOD(child_cfg_t, get_inactivity, u_int32_t, private_child_cfg_t *this) ->>>>>>> upstream/4.5.1 { return this->inactivity; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.get_reqid. - */ -static u_int32_t get_reqid(private_child_cfg_t *this) -======= METHOD(child_cfg_t, get_reqid, u_int32_t, private_child_cfg_t *this) ->>>>>>> upstream/4.5.1 { return this->reqid; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.get_mark. - */ -static mark_t get_mark(private_child_cfg_t *this, bool inbound) -======= METHOD(child_cfg_t, get_mark, mark_t, private_child_cfg_t *this, bool inbound) ->>>>>>> upstream/4.5.1 { return inbound ? this->mark_in : this->mark_out; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.set_mipv6_options. - */ -static void set_mipv6_options(private_child_cfg_t *this, bool proxy_mode, - bool install_policy) -======= METHOD(child_cfg_t, get_tfc, u_int32_t, private_child_cfg_t *this) { 
@@ -592,61 +455,32 @@ METHOD(child_cfg_t, get_tfc, u_int32_t, METHOD(child_cfg_t, set_mipv6_options, void, private_child_cfg_t *this, bool proxy_mode, bool install_policy) ->>>>>>> upstream/4.5.1 { this->proxy_mode = proxy_mode; this->install_policy = install_policy; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.use_proxy_mode. - */ -static bool use_proxy_mode(private_child_cfg_t *this) -======= METHOD(child_cfg_t, use_proxy_mode, bool, private_child_cfg_t *this) ->>>>>>> upstream/4.5.1 { return this->proxy_mode; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.install_policy. - */ -static bool install_policy(private_child_cfg_t *this) -======= METHOD(child_cfg_t, install_policy, bool, private_child_cfg_t *this) ->>>>>>> upstream/4.5.1 { return this->install_policy; } -<<<<<<< HEAD -/** - * Implementation of child_cfg_t.get_ref. - */ -static child_cfg_t* get_ref(private_child_cfg_t *this) -======= METHOD(child_cfg_t, get_ref, child_cfg_t*, private_child_cfg_t *this) ->>>>>>> upstream/4.5.1 { ref_get(&this->refcount); return &this->public; } -<<<<<<< HEAD -/** - * Implements child_cfg_t.destroy. - */ -static void destroy(private_child_cfg_t *this) -======= METHOD(child_cfg_t, destroy, void, private_child_cfg_t *this) ->>>>>>> upstream/4.5.1 { if (ref_put(&this->refcount)) { 
@@ -667,47 +501,6 @@ METHOD(child_cfg_t, destroy, void, */ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, char *updown, bool hostaccess, -<<<<<<< HEAD - ipsec_mode_t mode, action_t dpd_action, - action_t close_action, bool ipcomp, - u_int32_t inactivity, u_int32_t reqid, - mark_t *mark_in, mark_t *mark_out) -{ - private_child_cfg_t *this = malloc_thing(private_child_cfg_t); - - this->public.get_name = (char* (*) (child_cfg_t*))get_name; - this->public.add_traffic_selector = (void (*)(child_cfg_t*,bool,traffic_selector_t*))add_traffic_selector; - this->public.get_traffic_selectors = (linked_list_t*(*)(child_cfg_t*,bool,linked_list_t*,host_t*))get_traffic_selectors; - this->public.add_proposal = (void (*) (child_cfg_t*,proposal_t*))add_proposal; - this->public.get_proposals = (linked_list_t* (*) (child_cfg_t*,bool))get_proposals; - this->public.select_proposal = (proposal_t* (*) (child_cfg_t*,linked_list_t*,bool,bool))select_proposal; - this->public.get_updown = (char* (*) (child_cfg_t*))get_updown; - this->public.get_hostaccess = (bool (*) (child_cfg_t*))get_hostaccess; - this->public.get_mode = (ipsec_mode_t (*) (child_cfg_t *))get_mode; - this->public.get_dpd_action = (action_t (*) (child_cfg_t *))get_dpd_action; - this->public.get_close_action = (action_t (*) (child_cfg_t *))get_close_action; - this->public.get_lifetime = (lifetime_cfg_t* (*) (child_cfg_t *))get_lifetime; - this->public.get_dh_group = (diffie_hellman_group_t(*)(child_cfg_t*)) get_dh_group; - this->public.set_mipv6_options = (void (*) (child_cfg_t*,bool,bool))set_mipv6_options; - this->public.use_ipcomp = (bool (*) (child_cfg_t *))use_ipcomp; - this->public.get_inactivity = (u_int32_t (*) (child_cfg_t *))get_inactivity; - this->public.get_reqid = (u_int32_t (*) (child_cfg_t *))get_reqid; - this->public.get_mark = (mark_t (*) (child_cfg_t *,bool))get_mark; - this->public.use_proxy_mode = (bool (*) (child_cfg_t *))use_proxy_mode; - this->public.install_policy = (bool (*) 
(child_cfg_t *))install_policy; - this->public.get_ref = (child_cfg_t* (*) (child_cfg_t*))get_ref; - this->public.destroy = (void (*) (child_cfg_t*))destroy; - - this->name = strdup(name); - this->updown = updown ? strdup(updown) : NULL; - this->hostaccess = hostaccess; - this->mode = mode; - this->dpd_action = dpd_action; - this->close_action = close_action; - this->use_ipcomp = ipcomp; - this->inactivity = inactivity; - this->reqid = reqid; -======= ipsec_mode_t mode, action_t start_action, action_t dpd_action, action_t close_action, bool ipcomp, u_int32_t inactivity, u_int32_t reqid, @@ -760,39 +553,15 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, .other_ts = linked_list_create(), .tfc = tfc, ); ->>>>>>> upstream/4.5.1 if (mark_in) { this->mark_in = *mark_in; } -<<<<<<< HEAD - else - { - this->mark_in.value = 0; - this->mark_in.mask = 0; - } -======= ->>>>>>> upstream/4.5.1 if (mark_out) { this->mark_out = *mark_out; } -<<<<<<< HEAD - else - { - this->mark_out.value = 0; - this->mark_out.mask = 0; - } - - this->proxy_mode = FALSE; - this->install_policy = TRUE; - this->refcount = 1; - this->proposals = linked_list_create(); - this->my_ts = linked_list_create(); - this->other_ts = linked_list_create(); -======= ->>>>>>> upstream/4.5.1 memcpy(&this->lifetime, lifetime, sizeof(lifetime_cfg_t)); return &this->public; diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h index d933b2a04..175ced76c 100644 --- a/src/libcharon/config/child_cfg.h +++ b/src/libcharon/config/child_cfg.h 
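Review bot: In child_cfg_create (src/libcharon/config/child_cfg.c), dropping the `else` branches that zeroed `mark_in` and `mark_out` means neither mark is assigned here when the caller passes NULL. Their value now depends on INIT zero-filling every member the initializer does not name. INIT's definition is not part of this diff, and most of the initializer lies between the two hunks, so this cannot be confirmed from the visible lines. I would record the dependency above `if (mark_in)` with `/* marks stay zeroed by INIT when no mark is given */`.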
@@ -32,25 +32,15 @@ typedef struct child_cfg_t child_cfg_t; #include <kernel/kernel_ipsec.h> /** -<<<<<<< HEAD - * Action to take when DPD detected/connection gets closed by peer. -======= * Action to take when connection is loaded, DPD is detected or * connection gets closed by peer. ->>>>>>> upstream/4.5.1 */ enum action_t { /** No action */ ACTION_NONE, -<<<<<<< HEAD - /** Route config to reestablish on demand */ - ACTION_ROUTE, - /** Restart config immediately */ -======= /** Route config to establish or reestablish on demand */ ACTION_ROUTE, /** Start or restart config immediately */ ->>>>>>> upstream/4.5.1 ACTION_RESTART, }; @@ -180,8 +170,6 @@ struct child_cfg_t { ipsec_mode_t (*get_mode) (child_cfg_t *this); /** -<<<<<<< HEAD -======= * Action to take to start CHILD_SA. * * @return start action @@ -189,7 +177,6 @@ struct child_cfg_t { action_t (*get_start_action) (child_cfg_t *this); /** ->>>>>>> upstream/4.5.1 * Action to take on DPD. * * @return DPD action @@ -241,8 +228,6 @@ struct child_cfg_t { mark_t (*get_mark)(child_cfg_t *this, bool inbound); /** -<<<<<<< HEAD -======= * Get the TFC padding value to use for CHILD_SA. * * @return TFC padding, 0 to disable, -1 for MTU @@ -250,7 +235,6 @@ struct child_cfg_t { u_int32_t (*get_tfc)(child_cfg_t *this); /** ->>>>>>> upstream/4.5.1 * Sets two options needed for Mobile IPv6 interoperability * * @param proxy_mode use IPsec transport proxy mode (default FALSE) @@ -307,10 +291,7 @@ struct child_cfg_t { * @param updown updown script to execute on up/down event * @param hostaccess TRUE to allow access to the local host * @param mode mode to propose for CHILD_SA, transport, tunnel or BEET -<<<<<<< HEAD -======= * @param start_action start action ->>>>>>> upstream/4.5.1 * @param dpd_action DPD action * @param close_action close action * @param ipcomp use IPComp, if peer supports it 
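Review bot: The new `get_tfc` comment in child_cfg.h documents `-1 for MTU`, but the getter returns `u_int32_t`, so the sentinel is actually 0xFFFFFFFF. A caller that widens the result to a 64-bit signed type before comparing it with -1 will never match. The same wording is used for the `tfc` parameter of child_cfg_create in the `@@ -318,24 +299,14 @@` hunk. I would write the value as `(u_int32_t)-1` in both comments, or introduce a named constant for "pad to PMTU" and refer to it there.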
@@ -318,24 +299,14 @@ struct child_cfg_t { * @param reqid specific reqid to use for CHILD_SA, 0 for auto assign * @param mark_in optional inbound mark (can be NULL) * @param mark_out optional outbound mark (can be NULL) -<<<<<<< HEAD -======= * @param tfc TFC padding size, 0 to disable, -1 to pad to PMTU ->>>>>>> upstream/4.5.1 * @return child_cfg_t object */ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, char *updown, bool hostaccess, -<<<<<<< HEAD - ipsec_mode_t mode, action_t dpd_action, - action_t close_action, bool ipcomp, - u_int32_t inactivity, u_int32_t reqid, - mark_t *mark_in, mark_t *mark_out); -======= ipsec_mode_t mode, action_t start_action, action_t dpd_action, action_t close_action, bool ipcomp, u_int32_t inactivity, u_int32_t reqid, mark_t *mark_in, mark_t *mark_out, u_int32_t tfc); ->>>>>>> upstream/4.5.1 #endif /** CHILD_CFG_H_ @}*/ diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c index 2b31eca04..6f0c87279 100644 --- a/src/libcharon/config/peer_cfg.c +++ b/src/libcharon/config/peer_cfg.c @@ -682,11 +682,7 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg, this->use_mobike = mobike; this->dpd = dpd; this->virtual_ip = virtual_ip; -<<<<<<< HEAD - this->pool = pool ? strdup(pool) : NULL; -======= this->pool = strdupnull(pool); ->>>>>>> upstream/4.5.1 this->local_auth = linked_list_create(); this->remote_auth = linked_list_create(); this->refcount = 1; diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c index aba7feede..2251b82dd 100644 --- a/src/libcharon/config/proposal.c +++ b/src/libcharon/config/proposal.c @@ -35,11 +35,6 @@ ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP, "ESP", ); -ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS, - "NO_EXT_SEQ", - "EXT_SEQ", -); - typedef struct private_proposal_t private_proposal_t; typedef struct algorithm_t algorithm_t; 
@@ -549,6 +544,16 @@ static void check_proposal(private_proposal_t *this) free(alg); } } + + if (this->protocol == PROTO_AH || this->protocol == PROTO_ESP) + { + e = this->esns->create_enumerator(this->esns); + if (!e->enumerate(e, &alg)) + { /* ESN not specified, assume not supported */ + add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); + } + e->destroy(e); + } } /** @@ -560,10 +565,7 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg) if (token == NULL) { -<<<<<<< HEAD -======= DBG1(DBG_CFG, "algorithm '%.*s' not recognized", alg.len, alg.ptr); ->>>>>>> upstream/4.5.1 return FAILED; } @@ -744,16 +746,10 @@ static void proposal_add_supported_ike(private_proposal_t *this) integrity_algorithm_t integrity; pseudo_random_function_t prf; diffie_hellman_group_t group; -<<<<<<< HEAD - - enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &encryption)) -======= const char *plugin_name; enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &encryption, &plugin_name)) ->>>>>>> upstream/4.5.1 { switch (encryption) { @@ -788,11 +784,7 @@ static void proposal_add_supported_ike(private_proposal_t *this) enumerator->destroy(enumerator); enumerator = lib->crypto->create_signer_enumerator(lib->crypto); -<<<<<<< HEAD - while (enumerator->enumerate(enumerator, &integrity)) -======= while (enumerator->enumerate(enumerator, &integrity, &plugin_name)) ->>>>>>> upstream/4.5.1 { switch (integrity) { @@ -811,11 +803,7 @@ static void proposal_add_supported_ike(private_proposal_t *this) enumerator->destroy(enumerator); enumerator = lib->crypto->create_prf_enumerator(lib->crypto); -<<<<<<< HEAD - while (enumerator->enumerate(enumerator, &prf)) -======= while (enumerator->enumerate(enumerator, &prf, &plugin_name)) ->>>>>>> upstream/4.5.1 { switch (prf) { 
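Review bot: The added `DBG1(DBG_CFG, "algorithm '%.*s' not recognized", alg.len, alg.ptr)` in add_string_algo passes `alg.len` as the precision for `%.*s`, and that argument must be an `int`. If `chunk_t.len` is a `size_t`, as I believe it is in libstrongswan, this is a varargs type mismatch on 64-bit targets and the number of bytes read from `alg.ptr` is undefined. The chunk is not shown to be NUL-terminated, so the precision is the only bound on that read. I would cast it: `DBG1(DBG_CFG, "algorithm '%.*s' not recognized", (int)alg.len, alg.ptr);`. The function body continues outside the hunk.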
@@ -834,11 +822,7 @@ static void proposal_add_supported_ike(private_proposal_t *this) enumerator->destroy(enumerator); enumerator = lib->crypto->create_dh_enumerator(lib->crypto); -<<<<<<< HEAD - while (enumerator->enumerate(enumerator, &group)) -======= while (enumerator->enumerate(enumerator, &group, &plugin_name)) ->>>>>>> upstream/4.5.1 { switch (group) { @@ -939,9 +923,5 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs check_proposal(this); - if (protocol == PROTO_AH || protocol == PROTO_ESP) - { - add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); - } return &this->public; } diff --git a/src/libcharon/config/proposal.h b/src/libcharon/config/proposal.h index 97af5b60b..9337518bf 100644 --- a/src/libcharon/config/proposal.h +++ b/src/libcharon/config/proposal.h @@ -51,19 +51,6 @@ enum protocol_id_t { extern enum_name_t *protocol_id_names; /** - * Extended sequence numbers, as in IKEv2 RFC 3.3.2. - */ -enum extended_sequence_numbers_t { - NO_EXT_SEQ_NUMBERS = 0, - EXT_SEQ_NUMBERS = 1 -}; - -/** - * enum strings for extended_sequence_numbers_t. - */ -extern enum_name_t *extended_sequence_numbers_names; - -/** * Stores a set of algorithms used for an SA. * * A proposal stores algorithms for a specific diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c index 94c64028c..5bc19d11b 100644 --- a/src/libcharon/control/controller.c +++ b/src/libcharon/control/controller.c @@ -331,6 +331,8 @@ static status_t terminate_ike(controller_t *this, u_int32_t unique_id, return terminate_ike_execute(&job); } charon->bus->listen(charon->bus, &job.listener.public, (job_t*)&job); + /* checkin of the ike_sa happend in the thread that executed the job */ + charon->bus->set_sa(charon->bus, NULL); return job.listener.status; } 
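Review bot: The comment added in terminate_ike() above `charon->bus->set_sa(charon->bus, NULL);` has a typo (`happend`) and does not say what clearing the pointer protects against; the same two lines are added to terminate_child() in the next hunk. From the visible lines the job ran in another thread, which also checked the IKE_SA in, so whatever SA this thread's bus state still names is presumably no longer held by it. I would word it as `/* the IKE_SA was checked in by the thread that executed the job; clear this thread's bus SA so nothing here refers to it afterwards */`. Both functions start outside their hunks, so the other return paths cannot be checked here.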
@@ -417,6 +419,8 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid, return terminate_child_execute(&job); } charon->bus->listen(charon->bus, &job.listener.public, (job_t*)&job); + /* checkin of the ike_sa happend in the thread that executed the job */ + charon->bus->set_sa(charon->bus, NULL); return job.listener.status; } diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c index 4223d5a8d..796e455a7 100644 --- a/src/libcharon/daemon.c +++ b/src/libcharon/daemon.c @@ -19,16 +19,6 @@ #include <stdio.h> #include <sys/types.h> #include <unistd.h> -<<<<<<< HEAD -#include <syslog.h> -#include <time.h> -#include <errno.h> - -#ifdef CAPABILITIES -#ifdef HAVE_SYS_CAPABILITY_H -#include <sys/capability.h> -#endif /* HAVE_SYS_CAPABILITY_H */ -======= #include <time.h> #ifdef CAPABILITIES @@ -37,7 +27,6 @@ # elif defined(CAPABILITIES_NATIVE) # include <linux/capability.h> # endif /* CAPABILITIES_NATIVE */ ->>>>>>> upstream/4.5.1 #endif /* CAPABILITIES */ #include "daemon.h" @@ -45,14 +34,7 @@ #include <library.h> #include <config/proposal.h> #include <kernel/kernel_handler.h> -<<<<<<< HEAD - -#ifndef LOG_AUTHPRIV /* not defined on OpenSolaris */ -#define LOG_AUTHPRIV LOG_AUTH -#endif -======= #include <processing/jobs/start_action_job.h> ->>>>>>> upstream/4.5.1 typedef struct private_daemon_t private_daemon_t; @@ -77,11 +59,7 @@ struct private_daemon_t { cap_t caps; #endif /* CAPABILITIES_LIBCAP */ #ifdef CAPABILITIES_NATIVE -<<<<<<< HEAD - struct __user_cap_data_struct caps; -======= struct __user_cap_data_struct caps[2]; ->>>>>>> upstream/4.5.1 #endif /* CAPABILITIES_NATIVE */ }; @@ -166,11 +144,6 @@ METHOD(daemon_t, keep_cap, void, cap_set_flag(this->caps, CAP_PERMITTED, 1, &cap, CAP_SET); #endif /* CAPABILITIES_LIBCAP */ #ifdef CAPABILITIES_NATIVE -<<<<<<< HEAD - this->caps.effective |= 1 << cap; - this->caps.permitted |= 1 << cap; - this->caps.inheritable |= 1 << cap; -======= int i = 0; if (cap >= 32) 
@@ -181,7 +154,6 @@ METHOD(daemon_t, keep_cap, void, this->caps[i].effective |= 1 << cap; this->caps[i].permitted |= 1 << cap; this->caps[i].inheritable |= 1 << cap; ->>>>>>> upstream/4.5.1 #endif /* CAPABILITIES_NATIVE */ } @@ -196,21 +168,17 @@ METHOD(daemon_t, drop_capabilities, bool, #endif /* CAPABILITIES_LIBCAP */ #ifdef CAPABILITIES_NATIVE struct __user_cap_header_struct header = { -<<<<<<< HEAD - .version = _LINUX_CAPABILITY_VERSION, - }; - if (capset(&header, &this->caps) != 0) -======= #if defined(_LINUX_CAPABILITY_VERSION_3) .version = _LINUX_CAPABILITY_VERSION_3, #elif defined(_LINUX_CAPABILITY_VERSION_2) .version = _LINUX_CAPABILITY_VERSION_2, -#else +#elif defined(_LINUX_CAPABILITY_VERSION_1) .version = _LINUX_CAPABILITY_VERSION_1, +#else + .version = _LINUX_CAPABILITY_VERSION, #endif }; if (capset(&header, this->caps) != 0) ->>>>>>> upstream/4.5.1 { return FALSE; } 
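Review bot: In keep_cap()'s CAPABILITIES_NATIVE branch, `this->caps[i].effective |= 1 << cap;` and the matching `permitted` and `inheritable` lines shift a signed `int`, so a bit index of 31 overflows `int`, which is undefined behaviour. The lines between `if (cap >= 32)` and these assignments are outside the hunk; assuming they reduce `cap` into 0–31 for `caps[1]`, index 31 is still reachable. Use an unsigned constant, `this->caps[i].effective |= 1U << cap;`, and likewise for the other two fields. If the unseen lines do not already bound `cap` below 64, a range check there would also keep the `caps[2]` index valid.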
@@ -232,175 +200,25 @@ METHOD(daemon_t, start, void, */ static void print_plugins() { - char buf[512], *plugin; + char buf[512]; int len = 0; enumerator_t *enumerator; + plugin_t *plugin; buf[0] = '\0'; enumerator = lib->plugins->create_plugin_enumerator(lib->plugins); while (len < sizeof(buf) && enumerator->enumerate(enumerator, &plugin)) { - len += snprintf(&buf[len], sizeof(buf)-len, "%s ", plugin); + len += snprintf(&buf[len], sizeof(buf)-len, "%s ", + plugin->get_name(plugin)); } enumerator->destroy(enumerator); DBG1(DBG_DMN, "loaded plugins: %s", buf); } -<<<<<<< HEAD -/** - * Initialize logging - */ -static void initialize_loggers(private_daemon_t *this, bool use_stderr, - level_t levels[]) -{ - sys_logger_t *sys_logger; - file_logger_t *file_logger; - enumerator_t *enumerator; - char *facility, *filename; - int loggers_defined = 0; - debug_t group; - level_t def; - bool append, ike_name; - FILE *file; - - /* setup sysloggers */ - enumerator = lib->settings->create_section_enumerator(lib->settings, - "charon.syslog"); - while (enumerator->enumerate(enumerator, &facility)) - { - loggers_defined++; - - ike_name = lib->settings->get_bool(lib->settings, - "charon.syslog.%s.ike_name", FALSE, facility); - if (streq(facility, "daemon")) - { - sys_logger = sys_logger_create(LOG_DAEMON, ike_name); - } - else if (streq(facility, "auth")) - { - sys_logger = sys_logger_create(LOG_AUTHPRIV, ike_name); - } - else - { - continue; - } - def = lib->settings->get_int(lib->settings, - "charon.syslog.%s.default", 1, facility); - for (group = 0; group < DBG_MAX; group++) - { - sys_logger->set_level(sys_logger, group, - lib->settings->get_int(lib->settings, - "charon.syslog.%s.%N", def, - facility, debug_lower_names, group)); - } - this->public.sys_loggers->insert_last(this->public.sys_loggers, - sys_logger); - this->public.bus->add_listener(this->public.bus, &sys_logger->listener); - } - enumerator->destroy(enumerator); - - /* and file loggers */ - enumerator = 
lib->settings->create_section_enumerator(lib->settings, - "charon.filelog"); - while (enumerator->enumerate(enumerator, &filename)) - { - loggers_defined++; - if (streq(filename, "stderr")) - { - file = stderr; - } - else if (streq(filename, "stdout")) - { - file = stdout; - } - else - { - append = lib->settings->get_bool(lib->settings, - "charon.filelog.%s.append", TRUE, filename); - file = fopen(filename, append ? "a" : "w"); - if (file == NULL) - { - DBG1(DBG_DMN, "opening file %s for logging failed: %s", - filename, strerror(errno)); - continue; - } - if (lib->settings->get_bool(lib->settings, - "charon.filelog.%s.flush_line", FALSE, filename)) - { - setlinebuf(file); - } - } - file_logger = file_logger_create(file, - lib->settings->get_str(lib->settings, - "charon.filelog.%s.time_format", NULL, filename), - lib->settings->get_bool(lib->settings, - "charon.filelog.%s.ike_name", FALSE, filename)); - def = lib->settings->get_int(lib->settings, - "charon.filelog.%s.default", 1, filename); - for (group = 0; group < DBG_MAX; group++) - { - file_logger->set_level(file_logger, group, - lib->settings->get_int(lib->settings, - "charon.filelog.%s.%N", def, - filename, debug_lower_names, group)); - } - this->public.file_loggers->insert_last(this->public.file_loggers, - file_logger); - this->public.bus->add_listener(this->public.bus, &file_logger->listener); - - } - enumerator->destroy(enumerator); - - /* set up legacy style default loggers provided via command-line */ - if (!loggers_defined) - { - /* set up default stdout file_logger */ - file_logger = file_logger_create(stdout, NULL, FALSE); - this->public.bus->add_listener(this->public.bus, &file_logger->listener); - this->public.file_loggers->insert_last(this->public.file_loggers, - file_logger); - /* set up default daemon sys_logger */ - sys_logger = sys_logger_create(LOG_DAEMON, FALSE); - this->public.bus->add_listener(this->public.bus, &sys_logger->listener); - 
this->public.sys_loggers->insert_last(this->public.sys_loggers, - sys_logger); - for (group = 0; group < DBG_MAX; group++) - { - sys_logger->set_level(sys_logger, group, levels[group]); - if (use_stderr) - { - file_logger->set_level(file_logger, group, levels[group]); - } - } - - /* set up default auth sys_logger */ - sys_logger = sys_logger_create(LOG_AUTHPRIV, FALSE); - this->public.bus->add_listener(this->public.bus, &sys_logger->listener); - this->public.sys_loggers->insert_last(this->public.sys_loggers, - sys_logger); - sys_logger->set_level(sys_logger, DBG_ANY, LEVEL_AUDIT); - } -} - -METHOD(daemon_t, initialize, bool, - private_daemon_t *this, bool syslog, level_t levels[]) -{ - /* for uncritical pseudo random numbers */ - srandom(time(NULL) + getpid()); - - /* setup bus and it's listeners first to enable log output */ - this->public.bus = bus_create(); - /* set up hook to log dbg message in library via charons message bus */ - dbg_old = dbg; - dbg = dbg_bus; - - initialize_loggers(this, !syslog, levels); - -======= METHOD(daemon_t, initialize, bool, private_daemon_t *this) { ->>>>>>> upstream/4.5.1 DBG1(DBG_DMN, "Starting IKEv2 charon daemon (strongSwan "VERSION")"); if (lib->integrity) @@ -412,19 +230,6 @@ METHOD(daemon_t, initialize, bool, DBG1(DBG_DMN, "daemon 'charon': passed file integrity test"); } -<<<<<<< HEAD - /* load secrets, ca certificates and crls */ - this->public.controller = controller_create(); - this->public.eap = eap_manager_create(); - this->public.sim = sim_manager_create(); - this->public.tnccs = tnccs_manager_create(); - this->public.backends = backend_manager_create(); - this->public.socket = socket_manager_create(); - this->public.traps = trap_manager_create(); - this->kernel_handler = kernel_handler_create(); - -======= ->>>>>>> upstream/4.5.1 /* load plugins, further infrastructure may need it */ if (!lib->plugins->load(lib->plugins, NULL, lib->settings->get_str(lib->settings, "charon.load", PLUGINS))) 
@@ -446,12 +251,9 @@ METHOD(daemon_t, initialize, bool, return FALSE; } -<<<<<<< HEAD -======= /* Queue start_action job */ lib->processor->queue_job(lib->processor, (job_t*)start_action_job_create()); ->>>>>>> upstream/4.5.1 #ifdef ME this->public.connect_manager = connect_manager_create(); if (this->public.connect_manager == NULL) @@ -477,16 +279,11 @@ private_daemon_t *daemon_create() .drop_capabilities = _drop_capabilities, .initialize = _initialize, .start = _start, -<<<<<<< HEAD -======= .bus = bus_create(), ->>>>>>> upstream/4.5.1 .file_loggers = linked_list_create(), .sys_loggers = linked_list_create(), }, ); -<<<<<<< HEAD -======= charon = &this->public; this->public.controller = controller_create(); this->public.eap = eap_manager_create(); @@ -496,7 +293,6 @@ private_daemon_t *daemon_create() this->public.socket = socket_manager_create(); this->public.traps = trap_manager_create(); this->kernel_handler = kernel_handler_create(); ->>>>>>> upstream/4.5.1 #ifdef CAPABILITIES #ifdef CAPABILITIES_LIBCAP @@ -517,10 +313,6 @@ private_daemon_t *daemon_create() */ void libcharon_deinit() { -<<<<<<< HEAD - -======= ->>>>>>> upstream/4.5.1 destroy((private_daemon_t*)charon); charon = NULL; } @@ -533,9 +325,6 @@ bool libcharon_init() private_daemon_t *this; this = daemon_create(); -<<<<<<< HEAD - charon = &this->public; -======= /* for uncritical pseudo random numbers */ srandom(time(NULL) + getpid()); @@ -543,7 +332,6 @@ bool libcharon_init() /* set up hook to log dbg message in library via charons message bus */ dbg_old = dbg; dbg = dbg_bus; ->>>>>>> upstream/4.5.1 lib->printf_hook->add_handler(lib->printf_hook, 'P', proposal_printf_hook, diff --git a/src/libcharon/daemon.h b/src/libcharon/daemon.h index ae590601f..04f1fc249 100644 --- a/src/libcharon/daemon.h +++ b/src/libcharon/daemon.h 
@@ -149,13 +149,9 @@ typedef struct daemon_t daemon_t; #include <config/backend_manager.h> #include <sa/authenticators/eap/eap_manager.h> #include <sa/authenticators/eap/sim_manager.h> -<<<<<<< HEAD -#include <tnccs/tnccs_manager.h> -======= #include <tnc/imc/imc_manager.h> #include <tnc/imv/imv_manager.h> #include <tnc/tnccs/tnccs_manager.h> ->>>>>>> upstream/4.5.1 #ifdef ME #include <sa/connect_manager.h> @@ -243,8 +239,6 @@ struct daemon_t { sim_manager_t *sim; /** -<<<<<<< HEAD -======= * TNC IMC manager controlling Integrity Measurement Collectors */ imc_manager_t *imcs; @@ -255,7 +249,6 @@ struct daemon_t { imv_manager_t *imvs; /** ->>>>>>> upstream/4.5.1 * TNCCS manager to maintain registered TNCCS protocols */ tnccs_manager_t *tnccs; @@ -305,11 +298,7 @@ struct daemon_t { /** * Initialize the daemon. */ -<<<<<<< HEAD - bool (*initialize)(daemon_t *this, bool syslog, level_t levels[]); -======= bool (*initialize)(daemon_t *this); ->>>>>>> upstream/4.5.1 /** * Starts the daemon, i.e. spawns the threads of the thread pool. @@ -328,12 +317,9 @@ extern daemon_t *charon; /** * Initialize libcharon and create the "charon" instance of daemon_t. * -<<<<<<< HEAD -======= * This function initializes the bus, listeners can be registered before * calling initialize(). * ->>>>>>> upstream/4.5.1 * @return FALSE if integrity check failed */ bool libcharon_init(); diff --git a/src/libcharon/encoding/generator.c b/src/libcharon/encoding/generator.c index 785f1430a..ce3844361 100644 --- a/src/libcharon/encoding/generator.c +++ b/src/libcharon/encoding/generator.c @@ -41,10 +41,7 @@ #include <encoding/payloads/cp_payload.h> #include <encoding/payloads/configuration_attribute.h> #include <encoding/payloads/eap_payload.h> -<<<<<<< HEAD -======= #include <encoding/payloads/unknown_payload.h> ->>>>>>> upstream/4.5.1 /** * Generating is done in a data buffer. 
@@ -93,27 +90,10 @@ struct private_generator_t { */ void *data_struct; -<<<<<<< HEAD - /* - * Last payload length position offset in the buffer. - */ - u_int32_t last_payload_length_position_offset; - - /** - * Offset of the header length field in the buffer. - */ - u_int32_t header_length_position_offset; - - /** - * Last SPI size. - */ - u_int8_t last_spi_size; -======= /** * Offset of the header length field in the buffer. */ u_int32_t header_length_offset; ->>>>>>> upstream/4.5.1 /** * Attribute format of the last generated transform attribute. @@ -204,36 +184,6 @@ static void write_bytes_to_buffer(private_generator_t *this, void *bytes, } /** -<<<<<<< HEAD - * Writes a specific amount of byte into the buffer at a specific offset. - */ -static void write_bytes_to_buffer_at_offset(private_generator_t *this, - void *bytes, int number_of_bytes, u_int32_t offset) -{ - int i; - u_int8_t *read_position = (u_int8_t *)bytes; - u_int8_t *write_position; - u_int32_t free_space_after_offset = get_size(this) - offset; - - /* check first if enough space for new data is available */ - if (number_of_bytes > free_space_after_offset) - { - make_space_available(this, - (number_of_bytes - free_space_after_offset) * 8); - } - - write_position = this->buffer + offset; - for (i = 0; i < number_of_bytes; i++) - { - *write_position = *read_position; - read_position++; - write_position++; - } -} - -/** -======= ->>>>>>> upstream/4.5.1 * Generates a U_INT-Field type and writes it to buffer. */ static void generate_u_int_type(private_generator_t *this, @@ -248,19 +198,13 @@ static void generate_u_int_type(private_generator_t *this, number_of_bits = 4; break; case TS_TYPE: -<<<<<<< HEAD -======= case RESERVED_BYTE: case SPI_SIZE: ->>>>>>> upstream/4.5.1 case U_INT_8: number_of_bits = 8; break; case U_INT_16: -<<<<<<< HEAD -======= case PAYLOAD_LENGTH: ->>>>>>> upstream/4.5.1 case CONFIGURATION_ATTRIBUTE_LENGTH: number_of_bits = 16; break; 
@@ -324,11 +268,8 @@ static void generate_u_int_type(private_generator_t *this, break; } case TS_TYPE: -<<<<<<< HEAD -======= case RESERVED_BYTE: case SPI_SIZE: ->>>>>>> upstream/4.5.1 case U_INT_8: { /* 8 bit values are written as they are */ @@ -366,10 +307,7 @@ static void generate_u_int_type(private_generator_t *this, } case U_INT_16: -<<<<<<< HEAD -======= case PAYLOAD_LENGTH: ->>>>>>> upstream/4.5.1 case CONFIGURATION_ATTRIBUTE_LENGTH: { u_int16_t val = htons(*((u_int16_t*)(this->data_struct + offset))); @@ -403,52 +341,6 @@ static void generate_u_int_type(private_generator_t *this, } /** -<<<<<<< HEAD - * Generate a reserved bit or byte - */ -static void generate_reserved_field(private_generator_t *this, int bits) -{ - /* only one bit or 8 bit fields are supported */ - if (bits != 1 && bits != 8) - { - DBG1(DBG_ENC, "reserved field of %d bits cannot be generated", bits); - return ; - } - make_space_available(this, bits); - - if (bits == 1) - { - u_int8_t reserved_bit = ~(1 << (7 - this->current_bit)); - - *(this->out_position) = *(this->out_position) & reserved_bit; - if (this->current_bit == 0) - { - /* memory must be zero */ - *(this->out_position) = 0x00; - } - this->current_bit++; - if (this->current_bit >= 8) - { - this->current_bit = this->current_bit % 8; - this->out_position++; - } - } - else - { - if (this->current_bit > 0) - { - DBG1(DBG_ENC, "reserved field cannot be written cause " - "alignement of current bit is %d", this->current_bit); - return; - } - *(this->out_position) = 0x00; - this->out_position++; - } -} - -/** -======= ->>>>>>> upstream/4.5.1 * Generate a FLAG filed */ static void generate_flag(private_generator_t *this, u_int32_t offset) 
@@ -503,11 +395,7 @@ METHOD(generator_t, get_chunk, chunk_t, { chunk_t data; -<<<<<<< HEAD - *lenpos = (u_int32_t*)(this->buffer + this->header_length_position_offset); -======= *lenpos = (u_int32_t*)(this->buffer + this->header_length_offset); ->>>>>>> upstream/4.5.1 data = chunk_create(this->buffer, get_length(this)); DBG3(DBG_ENC, "generated data of this generator %B", &data); return data; @@ -523,11 +411,6 @@ METHOD(generator_t, generate_payload, void, this->data_struct = payload; payload_type = payload->get_type(payload); -<<<<<<< HEAD - /* spi size has to get reseted */ - this->last_spi_size = 0; -======= ->>>>>>> upstream/4.5.1 offset_start = this->out_position - this->buffer; @@ -547,58 +430,6 @@ METHOD(generator_t, generate_payload, void, case U_INT_8: case U_INT_16: case U_INT_32: -<<<<<<< HEAD - case IKE_SPI: - case TS_TYPE: - case ATTRIBUTE_TYPE: - case CONFIGURATION_ATTRIBUTE_LENGTH: - { - generate_u_int_type(this, rules[i].type, rules[i].offset); - break; - } - case RESERVED_BIT: - { - generate_reserved_field(this, 1); - break; - } - case RESERVED_BYTE: - { - generate_reserved_field(this, 8); - break; - } - case FLAG: - { - generate_flag(this, rules[i].offset); - break; - } - case PAYLOAD_LENGTH: - { - this->last_payload_length_position_offset = get_offset(this); - generate_u_int_type(this, U_INT_16,rules[i].offset); - break; - } - case HEADER_LENGTH: - { - this->header_length_position_offset = get_offset(this); - generate_u_int_type(this ,U_INT_32, rules[i].offset); - break; - } - case SPI_SIZE: - generate_u_int_type(this, U_INT_8, rules[i].offset); - this->last_spi_size = *((u_int8_t *)(this->data_struct + - rules[i].offset)); - break; - case ADDRESS: - { - generate_from_chunk(this, rules[i].offset); - break; - } - case SPI: - { - generate_from_chunk(this, rules[i].offset); - break; - } -======= case PAYLOAD_LENGTH: case IKE_SPI: case RESERVED_BYTE: 
@@ -618,7 +449,6 @@ METHOD(generator_t, generate_payload, void, break; case ADDRESS: case SPI: ->>>>>>> upstream/4.5.1 case KEY_EXCHANGE_DATA: case NOTIFICATION_DATA: case NONCE_DATA: 
@@ -630,198 +460,6 @@ METHOD(generator_t, generate_payload, void, case CONFIGURATION_ATTRIBUTE_VALUE: case VID_DATA: case EAP_DATA: -<<<<<<< HEAD - { - u_int32_t payload_length_position_offset; - u_int16_t length_of_payload; - u_int16_t header_length = 0; - u_int16_t length_in_network_order; - - switch(rules[i].type) - { - case KEY_EXCHANGE_DATA: - header_length = KE_PAYLOAD_HEADER_LENGTH; - break; - case NOTIFICATION_DATA: - header_length = NOTIFY_PAYLOAD_HEADER_LENGTH + - this->last_spi_size; - break; - case NONCE_DATA: - header_length = NONCE_PAYLOAD_HEADER_LENGTH; - break; - case ID_DATA: - header_length = ID_PAYLOAD_HEADER_LENGTH; - break; - case AUTH_DATA: - header_length = AUTH_PAYLOAD_HEADER_LENGTH; - break; - case CERT_DATA: - header_length = CERT_PAYLOAD_HEADER_LENGTH; - break; - case CERTREQ_DATA: - header_length = CERTREQ_PAYLOAD_HEADER_LENGTH; - break; - case SPIS: - header_length = DELETE_PAYLOAD_HEADER_LENGTH; - break; - case VID_DATA: - header_length = VENDOR_ID_PAYLOAD_HEADER_LENGTH; - break; - case CONFIGURATION_ATTRIBUTE_VALUE: - header_length = CONFIGURATION_ATTRIBUTE_HEADER_LENGTH; - break; - case EAP_DATA: - header_length = EAP_PAYLOAD_HEADER_LENGTH; - break; - default: - break; - } - generate_from_chunk(this, rules[i].offset); - - payload_length_position_offset = - this->last_payload_length_position_offset; - - length_of_payload = header_length + - ((chunk_t *)(this->data_struct + rules[i].offset))->len; - - length_in_network_order = htons(length_of_payload); - write_bytes_to_buffer_at_offset(this, &length_in_network_order, - sizeof(u_int16_t), payload_length_position_offset); - break; - } - case PROPOSALS: - { - u_int32_t payload_length_position_offset = - this->last_payload_length_position_offset; - /* Length of SA_PAYLOAD is calculated */ - u_int16_t length_of_sa_payload = SA_PAYLOAD_HEADER_LENGTH; - u_int16_t int16_val; - linked_list_t *proposals = *((linked_list_t **) - (this->data_struct + rules[i].offset)); - iterator_t *iterator; - 
payload_t *current_proposal; - - iterator = proposals->create_iterator(proposals,TRUE); - while (iterator->iterate(iterator, (void**)¤t_proposal)) - { - u_int32_t before_generate_position_offset; - u_int32_t after_generate_position_offset; - - before_generate_position_offset = get_offset(this); - generate_payload(this, current_proposal); - after_generate_position_offset = get_offset(this); - length_of_sa_payload += (after_generate_position_offset - - before_generate_position_offset); - } - iterator->destroy(iterator); - - int16_val = htons(length_of_sa_payload); - write_bytes_to_buffer_at_offset(this, &int16_val, - sizeof(u_int16_t),payload_length_position_offset); - break; - } - case TRANSFORMS: - { - u_int32_t payload_length_position_offset = - this->last_payload_length_position_offset; - u_int16_t length_of_proposal = - PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH + this->last_spi_size; - u_int16_t int16_val; - linked_list_t *transforms = *((linked_list_t **) - (this->data_struct + rules[i].offset)); - iterator_t *iterator; - payload_t *current_transform; - - iterator = transforms->create_iterator(transforms,TRUE); - while (iterator->iterate(iterator, (void**)¤t_transform)) - { - u_int32_t before_generate_position_offset; - u_int32_t after_generate_position_offset; - - before_generate_position_offset = get_offset(this); - generate_payload(this, current_transform); - after_generate_position_offset = get_offset(this); - - length_of_proposal += (after_generate_position_offset - - before_generate_position_offset); - } - iterator->destroy(iterator); - - int16_val = htons(length_of_proposal); - write_bytes_to_buffer_at_offset(this, &int16_val, - sizeof(u_int16_t), payload_length_position_offset); - break; - } - case TRANSFORM_ATTRIBUTES: - { - u_int32_t transform_length_position_offset = - this->last_payload_length_position_offset; - u_int16_t length_of_transform = - TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH; - u_int16_t int16_val; - linked_list_t *transform_attributes 
=*((linked_list_t **) - (this->data_struct + rules[i].offset)); - iterator_t *iterator; - payload_t *current_attribute; - - iterator = transform_attributes->create_iterator( - transform_attributes, TRUE); - while (iterator->iterate(iterator, (void**)¤t_attribute)) - { - u_int32_t before_generate_position_offset; - u_int32_t after_generate_position_offset; - - before_generate_position_offset = get_offset(this); - generate_payload(this, current_attribute); - after_generate_position_offset = get_offset(this); - - length_of_transform += (after_generate_position_offset - - before_generate_position_offset); - } - - iterator->destroy(iterator); - - int16_val = htons(length_of_transform); - write_bytes_to_buffer_at_offset(this, &int16_val, - sizeof(u_int16_t),transform_length_position_offset); - break; - } - case CONFIGURATION_ATTRIBUTES: - { - u_int32_t configurations_length_position_offset = - this->last_payload_length_position_offset; - u_int16_t length_of_configurations = CP_PAYLOAD_HEADER_LENGTH; - u_int16_t int16_val; - linked_list_t *configuration_attributes = *((linked_list_t **) - (this->data_struct + rules[i].offset)); - iterator_t *iterator; - payload_t *current_attribute; - - iterator = configuration_attributes->create_iterator( - configuration_attributes,TRUE); - while (iterator->iterate(iterator, (void**)¤t_attribute)) - { - u_int32_t before_generate_position_offset; - u_int32_t after_generate_position_offset; - - before_generate_position_offset = get_offset(this); - generate_payload(this, current_attribute); - after_generate_position_offset = get_offset(this); - - length_of_configurations += after_generate_position_offset - - before_generate_position_offset; - } - - iterator->destroy(iterator); - - int16_val = htons(length_of_configurations); - write_bytes_to_buffer_at_offset(this, &int16_val, - sizeof(u_int16_t),configurations_length_position_offset); - break; - } - case ATTRIBUTE_FORMAT: - { -======= case ENCRYPTED_DATA: case UNKNOWN_DATA: 
generate_from_chunk(this, rules[i].offset); @@ -847,41 +485,19 @@ METHOD(generator_t, generate_payload, void, break; } case ATTRIBUTE_FORMAT: ->>>>>>> upstream/4.5.1 generate_flag(this, rules[i].offset); /* Attribute format is a flag which is stored in context*/ this->attribute_format = *((bool *)(this->data_struct + rules[i].offset)); break; -<<<<<<< HEAD - } - - case ATTRIBUTE_LENGTH_OR_VALUE: - { - if (this->attribute_format == FALSE) - { - generate_u_int_type(this, U_INT_16, rules[i].offset); - /* this field hold the length of the attribute */ - this->attribute_length = - *((u_int16_t *)(this->data_struct + rules[i].offset)); -======= case ATTRIBUTE_LENGTH_OR_VALUE: if (this->attribute_format) { generate_u_int_type(this, U_INT_16, rules[i].offset); ->>>>>>> upstream/4.5.1 } else { generate_u_int_type(this, U_INT_16, rules[i].offset); -<<<<<<< HEAD - } - break; - } - case ATTRIBUTE_VALUE: - { - if (this->attribute_format == FALSE) -======= /* this field hold the length of the attribute */ this->attribute_length = *((u_int16_t *)(this->data_struct + rules[i].offset)); @@ -890,7 +506,6 @@ METHOD(generator_t, generate_payload, void, case ATTRIBUTE_VALUE: { if (!this->attribute_format) ->>>>>>> upstream/4.5.1 { DBG2(DBG_ENC, "attribute value has not fixed size"); /* the attribute value is generated */ 
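Review bot: In the `ATTRIBUTE_LENGTH_OR_VALUE` case of generate_payload(), both branches of `if (this->attribute_format)` make the same `generate_u_int_type(this, U_INT_16, rules[i].offset);` call, so the branch only decides whether `attribute_length` is recorded. Hoisting the call makes that visible: a single `generate_u_int_type(this, U_INT_16, rules[i].offset);` followed by `if (!this->attribute_format)` around the `this->attribute_length = ...` assignment. generate_payload() starts and ends outside this hunk.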
@@ -898,47 +513,6 @@ METHOD(generator_t, generate_payload, void, } break; } -<<<<<<< HEAD - case TRAFFIC_SELECTORS: - { - u_int32_t payload_length_position_offset = - this->last_payload_length_position_offset; - u_int16_t length_of_ts_payload = TS_PAYLOAD_HEADER_LENGTH; - u_int16_t int16_val; - linked_list_t *traffic_selectors = *((linked_list_t **) - (this->data_struct + rules[i].offset)); - iterator_t *iterator; - payload_t *current_tss; - - iterator = traffic_selectors->create_iterator( - traffic_selectors,TRUE); - while (iterator->iterate(iterator, (void **)¤t_tss)) - { - u_int32_t before_generate_position_offset; - u_int32_t after_generate_position_offset; - - before_generate_position_offset = get_offset(this); - generate_payload(this, current_tss); - after_generate_position_offset = get_offset(this); - - length_of_ts_payload += (after_generate_position_offset - - before_generate_position_offset); - } - iterator->destroy(iterator); - - int16_val = htons(length_of_ts_payload); - write_bytes_to_buffer_at_offset(this, &int16_val, - sizeof(u_int16_t),payload_length_position_offset); - break; - } - - case ENCRYPTED_DATA: - { - generate_from_chunk(this, rules[i].offset); - break; - } -======= ->>>>>>> upstream/4.5.1 default: DBG1(DBG_ENC, "field type %N is not supported", encoding_type_names, rules[i].type); diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c index 071424812..214612fdb 100644 --- a/src/libcharon/encoding/message.c +++ b/src/libcharon/encoding/message.c @@ -45,6 +45,16 @@ #define MAX_DELETE_PAYLOADS 20 /** + * Max number of certificate payloads per IKEv2 Message + */ +#define MAX_CERT_PAYLOADS 8 + +/** + * Max number of Vendor ID payloads per IKEv2 Message + */ +#define MAX_VID_PAYLOADS 20 + +/** * A payload rule defines the rules for a payload * in a specific message rule. It defines if and how * many times a payload must/can occur in a message 
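Review bot: The comments on the new `MAX_CERT_PAYLOADS` and `MAX_VID_PAYLOADS` macros restate the names but not why a cap exists or how the values 8 and 20 were chosen. The rule tables in the following hunks use them as the `max` column, and `VENDOR_ID` carries `encr` FALSE in `ike_sa_init_i_rules` and `ike_sa_init_r_rules`, so the Vendor ID limit also applies to payloads accepted unencrypted. I would say so in the comment, e.g. `/* Upper bound on Vendor ID payloads accepted per message, including unencrypted IKE_SA_INIT; keep it small */`. How the `max` column is enforced is not shown on this page.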
@@ -104,7 +114,7 @@ static payload_rule_t ike_sa_init_i_rules[] = { {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE}, {KEY_EXCHANGE, 1, 1, FALSE, FALSE}, {NONCE, 1, 1, FALSE, FALSE}, - {VENDOR_ID, 0, 10, FALSE, FALSE}, + {VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, }; /** @@ -131,11 +141,8 @@ static payload_rule_t ike_sa_init_r_rules[] = { {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE}, {KEY_EXCHANGE, 1, 1, FALSE, FALSE}, {NONCE, 1, 1, FALSE, FALSE}, -<<<<<<< HEAD -======= - {CERTIFICATE_REQUEST, 1, 1, FALSE, FALSE}, ->>>>>>> upstream/4.5.1 - {VENDOR_ID, 0, 10, FALSE, FALSE}, + {CERTIFICATE_REQUEST, 0, 1, FALSE, FALSE}, + {VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, }; /** @@ -163,7 +170,7 @@ static payload_rule_t ike_auth_i_rules[] = { {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE}, {AUTHENTICATION, 0, 1, TRUE, TRUE}, {ID_INITIATOR, 0, 1, TRUE, FALSE}, - {CERTIFICATE, 0, 4, TRUE, FALSE}, + {CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE}, {CERTIFICATE_REQUEST, 0, 1, TRUE, FALSE}, {ID_RESPONDER, 0, 1, TRUE, FALSE}, #ifdef ME @@ -176,7 +183,7 @@ static payload_rule_t ike_auth_i_rules[] = { {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE}, #endif /* ME */ {CONFIGURATION, 0, 1, TRUE, FALSE}, - {VENDOR_ID, 0, 10, TRUE, FALSE}, + {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, }; /** @@ -216,13 +223,13 @@ static payload_rule_t ike_auth_r_rules[] = { {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE}, {AUTHENTICATION, 0, 1, TRUE, TRUE}, - {CERTIFICATE, 0, 4, TRUE, FALSE}, + {CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE}, {ID_RESPONDER, 0, 1, TRUE, FALSE}, {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE}, {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE}, {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE}, {CONFIGURATION, 0, 1, TRUE, FALSE}, - {VENDOR_ID, 0, 10, TRUE, FALSE}, + {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, }; /** 
@@ -259,7 +266,7 @@ static payload_rule_t informational_i_rules[] = { {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, {CONFIGURATION, 0, 1, TRUE, FALSE}, {DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE}, - {VENDOR_ID, 0, 10, TRUE, FALSE}, + {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, }; /** @@ -284,7 +291,7 @@ static payload_rule_t informational_r_rules[] = { {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, {CONFIGURATION, 0, 1, TRUE, FALSE}, {DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE}, - {VENDOR_ID, 0, 10, TRUE, FALSE}, + {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, }; /** @@ -313,7 +320,7 @@ static payload_rule_t create_child_sa_i_rules[] = { {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE}, {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE}, {CONFIGURATION, 0, 1, TRUE, FALSE}, - {VENDOR_ID, 0, 10, TRUE, FALSE}, + {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, }; /** @@ -346,7 +353,7 @@ static payload_rule_t create_child_sa_r_rules[] = { {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE}, {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE}, {CONFIGURATION, 0, 1, TRUE, FALSE}, - {VENDOR_ID, 0, 10, TRUE, FALSE}, + {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}, }; /** @@ -375,7 +382,7 @@ static payload_rule_t me_connect_i_rules[] = { /* payload type min max encr suff */ {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, {ID_PEER, 1, 1, TRUE, FALSE}, - {VENDOR_ID, 0, 10, TRUE, FALSE} + {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE} }; /** @@ -394,7 +401,7 @@ static payload_order_t me_connect_i_order[] = { static payload_rule_t me_connect_r_rules[] = { /* payload type min max encr suff */ {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, - {VENDOR_ID, 0, 10, TRUE, FALSE} + {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE} }; /** @@ -494,8 +501,6 @@ struct private_message_t { bool is_request; /** -<<<<<<< HEAD -======= * Higher version supported? */ bool version_flag; 
@@ -511,7 +516,6 @@ struct private_message_t { bool sort_disabled; /** ->>>>>>> upstream/4.5.1 * Message ID of this message. */ u_int32_t message_id; @@ -669,20 +673,6 @@ METHOD(message_t, get_request, bool, return this->is_request; } -<<<<<<< HEAD -/** - * Is this message in an encoded form? - */ -static bool is_encoded(private_message_t *this) -{ - chunk_t data = this->packet->get_data(this->packet); - - if (data.ptr == NULL) - { - return FALSE; - } - return TRUE; -======= METHOD(message_t, set_version_flag, void, private_message_t *this) { @@ -712,7 +702,6 @@ METHOD(message_t, is_encoded, bool, private_message_t *this) { return this->packet->get_data(this->packet).ptr != NULL; ->>>>>>> upstream/4.5.1 } METHOD(message_t, add_payload, void, @@ -786,15 +775,12 @@ METHOD(message_t, create_payload_enumerator, enumerator_t*, return this->payloads->create_enumerator(this->payloads); } -<<<<<<< HEAD -======= METHOD(message_t, remove_payload_at, void, private_message_t *this, enumerator_t *enumerator) { this->payloads->remove_at(this->payloads, enumerator); } ->>>>>>> upstream/4.5.1 METHOD(message_t, get_payload, payload_t*, private_message_t *this, payload_type_t type) { @@ -1064,15 +1050,12 @@ static encryption_payload_t* wrap_payloads(private_message_t *this) return encryption; } -<<<<<<< HEAD -======= METHOD(message_t, disable_sort, void, private_message_t *this) { this->sort_disabled = TRUE; } ->>>>>>> upstream/4.5.1 METHOD(message_t, generate, status_t, private_message_t *this, aead_t *aead, packet_t **packet) { @@ -1084,17 +1067,8 @@ METHOD(message_t, generate, status_t, chunk_t chunk; char str[256]; u_int32_t *lenpos; -<<<<<<< HEAD - - if (is_encoded(this)) - { /* already generated, return a new packet clone */ - *packet = this->packet->clone(this->packet); - return SUCCESS; - } -======= bool *reserved; int i; ->>>>>>> upstream/4.5.1 if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED) { 
@@ -1116,14 +1090,10 @@ METHOD(message_t, generate, status_t, return NOT_SUPPORTED; } -<<<<<<< HEAD - order_payloads(this); -======= if (!this->sort_disabled) { order_payloads(this); } ->>>>>>> upstream/4.5.1 DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str))); @@ -1137,18 +1107,12 @@ METHOD(message_t, generate, status_t, } ike_header = ike_header_create(); -<<<<<<< HEAD - ike_header->set_exchange_type(ike_header, this->exchange_type); - ike_header->set_message_id(ike_header, this->message_id); - ike_header->set_response_flag(ike_header, !this->is_request); -======= ike_header->set_maj_version(ike_header, this->major_version); ike_header->set_min_version(ike_header, this->minor_version); ike_header->set_exchange_type(ike_header, this->exchange_type); ike_header->set_message_id(ike_header, this->message_id); ike_header->set_response_flag(ike_header, !this->is_request); ike_header->set_version_flag(ike_header, this->version_flag); ->>>>>>> upstream/4.5.1 ike_header->set_initiator_flag(ike_header, this->ike_sa_id->is_initiator(this->ike_sa_id)); ike_header->set_initiator_spi(ike_header, @@ -1156,8 +1120,6 @@ METHOD(message_t, generate, status_t, ike_header->set_responder_spi(ike_header, this->ike_sa_id->get_responder_spi(this->ike_sa_id)); -<<<<<<< HEAD -======= for (i = 0; i < countof(this->reserved); i++) { reserved = payload_get_field(&ike_header->payload_interface, @@ -1168,7 +1130,6 @@ METHOD(message_t, generate, status_t, } } ->>>>>>> upstream/4.5.1 generator = generator_create(); /* generate all payloads with proper next type */ @@ -1237,11 +1198,8 @@ METHOD(message_t, parse_header, status_t, { ike_header_t *ike_header; status_t status; -<<<<<<< HEAD -======= bool *reserved; int i; ->>>>>>> upstream/4.5.1 DBG2(DBG_ENC, "parsing header of message"); 
@@ -1276,9 +1234,6 @@ METHOD(message_t, parse_header, status_t, this->minor_version = ike_header->get_min_version(ike_header); this->first_payload = ike_header->payload_interface.get_next_type( &ike_header->payload_interface); -<<<<<<< HEAD - -======= for (i = 0; i < countof(this->reserved); i++) { reserved = payload_get_field(&ike_header->payload_interface, @@ -1288,7 +1243,6 @@ METHOD(message_t, parse_header, status_t, this->reserved[i] = *reserved; } } ->>>>>>> upstream/4.5.1 DBG2(DBG_ENC, "parsed a %N %s", exchange_type_names, this->exchange_type, this->is_request ? "request" : "response"); @@ -1305,8 +1259,6 @@ METHOD(message_t, parse_header, status_t, } /** -<<<<<<< HEAD -======= * Check if a payload is for a mediation extension connectivity check */ static bool is_connectivity_check(private_message_t *this, payload_t *payload) @@ -1332,7 +1284,6 @@ static bool is_connectivity_check(private_message_t *this, payload_t *payload) } /** ->>>>>>> upstream/4.5.1 * Decrypt payload from the encryption payload */ static status_t decrypt_payloads(private_message_t *this, aead_t *aead) @@ -1403,23 +1354,15 @@ static status_t decrypt_payloads(private_message_t *this, aead_t *aead) } encryption->destroy(encryption); } -<<<<<<< HEAD - if (type != UNKNOWN_PAYLOAD && !was_encrypted) -======= if (payload_is_known(type) && !was_encrypted && !is_connectivity_check(this, payload)) ->>>>>>> upstream/4.5.1 { rule = get_payload_rule(this, type); if (!rule || rule->encrypted) { DBG1(DBG_ENC, "payload type %N was not encrypted", payload_type_names, type); -<<<<<<< HEAD - status = VERIFY_ERROR; -======= status = FAILED; ->>>>>>> upstream/4.5.1 break; } } @@ -1434,10 +1377,7 @@ static status_t decrypt_payloads(private_message_t *this, aead_t *aead) */ static status_t verify(private_message_t *this) { -<<<<<<< HEAD -======= bool complete = FALSE; ->>>>>>> upstream/4.5.1 int i; DBG2(DBG_ENC, "verifying message structure"); 
@@ -1455,28 +1395,9 @@ static status_t verify(private_message_t *this) while (enumerator->enumerate(enumerator, &payload)) { payload_type_t type; -<<<<<<< HEAD - unknown_payload_t *unknown; - - type = payload->get_type(payload); - if (type == UNKNOWN_PAYLOAD) - { - /* unknown payloads are ignored if they are not critical */ - unknown = (unknown_payload_t*)payload; - if (unknown->is_critical(unknown)) - { - DBG1(DBG_ENC, "%N is not supported, but its critical!", - payload_type_names, type); - enumerator->destroy(enumerator); - return NOT_SUPPORTED; - } - } - else if (type == rule->type) -======= type = payload->get_type(payload); if (type == rule->type) ->>>>>>> upstream/4.5.1 { found++; DBG2(DBG_ENC, "found payload of type %N", @@ -1493,25 +1414,15 @@ static status_t verify(private_message_t *this) } enumerator->destroy(enumerator); -<<<<<<< HEAD - if (found < rule->min_occurence) -======= if (!complete && found < rule->min_occurence) ->>>>>>> upstream/4.5.1 { DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)", payload_type_names, rule->type, rule->min_occurence, found); return VERIFY_ERROR; } -<<<<<<< HEAD - if (rule->sufficient) - { - return SUCCESS; -======= if (found && rule->sufficient) { complete = TRUE; ->>>>>>> upstream/4.5.1 } } return SUCCESS; @@ -1540,11 +1451,7 @@ METHOD(message_t, parse_body, status_t, { DBG1(DBG_ENC, "payload type %N could not be parsed", payload_type_names, type); -<<<<<<< HEAD - return PARSE_ERROR; -======= return this->exchange_type == IKE_SA_INIT ? PARSE_ERROR : FAILED; ->>>>>>> upstream/4.5.1 } DBG2(DBG_ENC, "verifying payload of type %N", payload_type_names, type); 
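Review bot: verify() no longer rejects an unknown payload whose critical bit is set: the `unknown->is_critical(unknown)` branch that returned NOT_SUPPORTED is on the removed side, and the new loop only tests `type == rule->type`. Nothing on this page shows where that check is enforced now, and the parser.c hunk also drops the log line for unknown payload types, so it should be confirmed that such messages are still rejected before any payload is acted on. If the check has moved, a pointer here would help the next reader, for example `/* critical unknown payloads are rejected in CALLER_PLACEHOLDER, not in verify() */`. verify() starts and ends outside this hunk.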
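Review bot: The `complete` flag that replaces the early `return SUCCESS` carries no comment, and its effect is easy to misread: once a rule marked sufficient has matched, later rules skip only the `found < rule->min_occurence` test while the loop keeps walking the remaining rules. A one-line comment above `if (found && rule->sufficient)` would state that intent, e.g. `/* sufficient payload seen: later rules may be absent, the loop still visits them */`. Whether the per-rule maximum is still enforced in that state is decided by lines outside this hunk, so the wording should be checked against them.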
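Review bot: parse_body() now returns FAILED for an unparsable payload whenever the exchange is not IKE_SA_INIT (`return this->exchange_type == IKE_SA_INIT ? PARSE_ERROR : FAILED;`), and the following hunk does the same for VERIFY_ERROR, but the parse_body documentation in message.h still describes FAILED only as "integrity check failed". A caller that picks a notify or a log message from the status would be misled by the header as it stands. I would extend that doc line to `* - FAILED if integrity check failed, or on a parse/verify error outside IKE_SA_INIT` and add a short comment at the two return sites saying why IKE_SA_INIT is treated differently. parse_body() starts and ends outside this hunk.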
@@ -1554,11 +1461,7 @@ METHOD(message_t, parse_body, status_t, DBG1(DBG_ENC, "%N payload verification failed", payload_type_names, type); payload->destroy(payload); -<<<<<<< HEAD - return VERIFY_ERROR; -======= return this->exchange_type == IKE_SA_INIT ? VERIFY_ERROR : FAILED; ->>>>>>> upstream/4.5.1 } DBG2(DBG_ENC, "%N payload verified. Adding to payload list", @@ -1576,22 +1479,11 @@ METHOD(message_t, parse_body, status_t, type = payload->get_next_type(payload); } -<<<<<<< HEAD - if (type == ENCRYPTED) - { - status = decrypt_payloads(this, aead); - if (status != SUCCESS) - { - DBG1(DBG_ENC, "could not decrypt payloads"); - return status; - } -======= status = decrypt_payloads(this, aead); if (status != SUCCESS) { DBG1(DBG_ENC, "could not decrypt payloads"); return status; ->>>>>>> upstream/4.5.1 } status = verify(this); @@ -1639,11 +1531,6 @@ message_t *message_create_from_packet(packet_t *packet) .get_first_payload_type = _get_first_payload_type, .set_request = _set_request, .get_request = _get_request, -<<<<<<< HEAD - .add_payload = _add_payload, - .add_notify = _add_notify, - .generate = _generate, -======= .set_version_flag = _set_version_flag, .get_reserved_header_bit = _get_reserved_header_bit, .set_reserved_header_bit = _set_reserved_header_bit, @@ -1652,16 +1539,12 @@ message_t *message_create_from_packet(packet_t *packet) .disable_sort = _disable_sort, .generate = _generate, .is_encoded = _is_encoded, ->>>>>>> upstream/4.5.1 .set_source = _set_source, .get_source = _get_source, .set_destination = _set_destination, .get_destination = _get_destination, .create_payload_enumerator = _create_payload_enumerator, -<<<<<<< HEAD -======= .remove_payload_at = _remove_payload_at, ->>>>>>> upstream/4.5.1 .get_payload = _get_payload, .get_notify = _get_notify, .parse_header = _parse_header, 
@@ -1670,11 +1553,8 @@ message_t *message_create_from_packet(packet_t *packet) .get_packet_data = _get_packet_data, .destroy = _destroy, }, -<<<<<<< HEAD -======= .major_version = IKE_MAJOR_VERSION, .minor_version = IKE_MINOR_VERSION, ->>>>>>> upstream/4.5.1 .exchange_type = EXCHANGE_TYPE_UNDEFINED, .is_request = TRUE, .first_payload = NO_PAYLOAD, diff --git a/src/libcharon/encoding/message.h b/src/libcharon/encoding/message.h index dcc9b0577..51197308c 100644 --- a/src/libcharon/encoding/message.h +++ b/src/libcharon/encoding/message.h @@ -154,8 +154,6 @@ struct message_t { bool (*get_request) (message_t *this); /** -<<<<<<< HEAD -======= * Set the version flag in the IKE header. */ void (*set_version_flag)(message_t *this); @@ -176,7 +174,6 @@ struct message_t { void (*set_reserved_header_bit)(message_t *this, u_int nr); /** ->>>>>>> upstream/4.5.1 * Append a payload to the message. * * If the payload must be encrypted is not specified here. Encryption @@ -204,14 +201,11 @@ struct message_t { chunk_t data); /** -<<<<<<< HEAD -======= * Disable automatic payload sorting for this message. */ void (*disable_sort)(message_t *this); /** ->>>>>>> upstream/4.5.1 * Parses header of message. * * Begins parisng of a message created via message_create_from_packet(). @@ -237,11 +231,6 @@ struct message_t { * @param aead aead transform to verify/decrypt message * @return * - SUCCESS if parsing successful -<<<<<<< HEAD - * - NOT_SUPPORTED if ciritcal unknown payloads found - * - NOT_SUPPORTED if message type is not supported! -======= ->>>>>>> upstream/4.5.1 * - PARSE_ERROR if message parsing failed * - VERIFY_ERROR if message verification failed (bad syntax) * - FAILED if integrity check failed @@ -269,8 +258,6 @@ struct message_t { status_t (*generate) (message_t *this, aead_t *aead, packet_t **packet); /** -<<<<<<< HEAD -======= * Check if the message has already been encoded using generate(). * * @return TRUE if message has been encoded 
@@ -278,7 +265,6 @@ struct message_t { bool (*is_encoded)(message_t *this); /** ->>>>>>> upstream/4.5.1 * Gets the source host informations. * * @warning Returned host_t object is not getting cloned, @@ -326,8 +312,6 @@ struct message_t { enumerator_t * (*create_payload_enumerator) (message_t *this); /** -<<<<<<< HEAD -======= * Remove the payload at the current enumerator position. * * @param enumerator enumerator created by create_payload_enumerator() @@ -335,7 +319,6 @@ struct message_t { void (*remove_payload_at)(message_t *this, enumerator_t *enumerator); /** ->>>>>>> upstream/4.5.1 * Find a payload of a specific type. * * Returns the first occurance. diff --git a/src/libcharon/encoding/parser.c b/src/libcharon/encoding/parser.c index 7a5ec8495..32cefb9e7 100644 --- a/src/libcharon/encoding/parser.c +++ b/src/libcharon/encoding/parser.c @@ -387,15 +387,6 @@ static status_t parse_payload(private_parser_t *this, DBG3(DBG_ENC, "parsing payload from %b", this->byte_pos, this->input_roof - this->byte_pos); -<<<<<<< HEAD - if (pld->get_type(pld) == UNKNOWN_PAYLOAD) - { - DBG1(DBG_ENC, " payload type %d is unknown, handling as %N", - payload_type, payload_type_names, UNKNOWN_PAYLOAD); - } - -======= ->>>>>>> upstream/4.5.1 /* base pointer for output, avoids casting in every rule */ output = pld; @@ -418,10 +409,7 @@ static status_t parse_payload(private_parser_t *this, break; } case U_INT_8: -<<<<<<< HEAD -======= case RESERVED_BYTE: ->>>>>>> upstream/4.5.1 { if (!parse_uint8(this, rule_number, output + rule->offset)) { @@ -440,10 +428,7 @@ static status_t parse_payload(private_parser_t *this, break; } case U_INT_32: -<<<<<<< HEAD -======= case HEADER_LENGTH: ->>>>>>> upstream/4.5.1 { if (!parse_uint32(this, rule_number, output + rule->offset)) { 
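Review bot: With `case RESERVED_BYTE:` now sharing the U_INT_8 body (and, in the later @@ -462 hunk, `case RESERVED_BIT:` falling through to FLAG), the parsed value is stored at `output + rule->offset` instead of being discarded through a NULL destination. Any encoding table that still declares `{ RESERVED_BIT, 0 }` or `{ RESERVED_BYTE, 0 }` would then have a bit or byte taken from the received message written at offset 0 of the payload object; the auth, cert and certreq tables on this page are converted to real member offsets, but the other payload types are outside this page and should be confirmed. A comment on the merged case labels, e.g. `/* reserved fields are stored now; rule->offset must name a real member */`, would record the new requirement. parse_payload() starts and ends outside this hunk.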
@@ -462,26 +447,6 @@ static status_t parse_payload(private_parser_t *this, break; } case RESERVED_BIT: -<<<<<<< HEAD - { - if (!parse_bit(this, rule_number, NULL)) - { - pld->destroy(pld); - return PARSE_ERROR; - } - break; - } - case RESERVED_BYTE: - { - if (!parse_uint8(this, rule_number, NULL)) - { - pld->destroy(pld); - return PARSE_ERROR; - } - break; - } -======= ->>>>>>> upstream/4.5.1 case FLAG: { if (!parse_bit(this, rule_number, output + rule->offset)) @@ -507,18 +472,6 @@ static status_t parse_payload(private_parser_t *this, } break; } -<<<<<<< HEAD - case HEADER_LENGTH: - { - if (!parse_uint32(this, rule_number, output + rule->offset)) - { - pld->destroy(pld); - return PARSE_ERROR; - } - break; - } -======= ->>>>>>> upstream/4.5.1 case SPI_SIZE: { if (!parse_uint8(this, rule_number, output + rule->offset)) diff --git a/src/libcharon/encoding/payloads/auth_payload.c b/src/libcharon/encoding/payloads/auth_payload.c index 25a57511a..cb44a997c 100644 --- a/src/libcharon/encoding/payloads/auth_payload.c +++ b/src/libcharon/encoding/payloads/auth_payload.c @@ -1,10 +1,6 @@ /* -<<<<<<< HEAD - * Copyright (C) 2005-2006 Martin Willi -======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG ->>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -23,10 +19,6 @@ #include <encoding/payloads/encodings.h> -<<<<<<< HEAD - -======= ->>>>>>> upstream/4.5.1 typedef struct private_auth_payload_t private_auth_payload_t; /** @@ -51,8 +43,6 @@ struct private_auth_payload_t { bool critical; /** -<<<<<<< HEAD -======= * Reserved bits */ bool reserved_bit[7]; @@ -63,7 +53,6 @@ struct private_auth_payload_t { u_int8_t reserved_byte[3]; /** ->>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; 
@@ -87,29 +76,6 @@ struct private_auth_payload_t { */ encoding_rule_t auth_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ -<<<<<<< HEAD - { U_INT_8, offsetof(private_auth_payload_t, next_payload) }, - /* the critical bit */ - { FLAG, offsetof(private_auth_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - /* Length of the whole payload*/ - { PAYLOAD_LENGTH, offsetof(private_auth_payload_t, payload_length)}, - /* 1 Byte AUTH type*/ - { U_INT_8, offsetof(private_auth_payload_t, auth_method) }, - /* 3 reserved bytes */ - { RESERVED_BYTE, 0 }, - { RESERVED_BYTE, 0 }, - { RESERVED_BYTE, 0 }, - /* some auth data bytes, length is defined in PAYLOAD_LENGTH */ - { AUTH_DATA, offsetof(private_auth_payload_t, auth_data) } -======= { U_INT_8, offsetof(private_auth_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_auth_payload_t, critical) }, @@ -131,7 +97,6 @@ encoding_rule_t auth_payload_encodings[] = { { RESERVED_BYTE, offsetof(private_auth_payload_t, reserved_byte[2]) }, /* some auth data bytes, length is defined in PAYLOAD_LENGTH */ { AUTH_DATA, offsetof(private_auth_payload_t, auth_data) } ->>>>>>> upstream/4.5.1 }; /* 
@@ -148,36 +113,6 @@ encoding_rule_t auth_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -<<<<<<< HEAD -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_auth_payload_t *this) -{ - if (this->auth_method == 0 || - (this->auth_method >= 4 && this->auth_method <= 8) || - (this->auth_method >= 12 && this->auth_method <= 200)) - { - /* reserved IDs */ - return FAILED; - } - return SUCCESS; -} - -/** - * Implementation of auth_payload_t.get_encoding_rules. - */ -static void get_encoding_rules(private_auth_payload_t *this, encoding_rule_t **rules, size_t *rule_count) -{ - *rules = auth_payload_encodings; - *rule_count = sizeof(auth_payload_encodings) / sizeof(encoding_rule_t); -} - -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_payload_type(private_auth_payload_t *this) -======= METHOD(payload_t, verify, status_t, private_auth_payload_t *this) { @@ -193,25 +128,10 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_auth_payload_t *this) ->>>>>>> upstream/4.5.1 { return AUTHENTICATION; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(private_auth_payload_t *this) -{ - return (this->next_payload); -} - -/** - * Implementation of payload_t.set_next_type. - */ -static void set_next_type(private_auth_payload_t *this,payload_type_t type) -======= METHOD(payload_t, get_next_type, payload_type_t, private_auth_payload_t *this) { 
@@ -220,94 +140,22 @@ METHOD(payload_t, get_next_type, payload_type_t, METHOD(payload_t, set_next_type, void, private_auth_payload_t *this, payload_type_t type) ->>>>>>> upstream/4.5.1 { this->next_payload = type; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_length. - */ -static size_t get_length(private_auth_payload_t *this) -======= METHOD(payload_t, get_length, size_t, private_auth_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->payload_length; } -<<<<<<< HEAD -/** - * Implementation of auth_payload_t.set_auth_method. - */ -static void set_auth_method (private_auth_payload_t *this, auth_method_t method) -======= METHOD(auth_payload_t, set_auth_method, void, private_auth_payload_t *this, auth_method_t method) ->>>>>>> upstream/4.5.1 { this->auth_method = method; } -<<<<<<< HEAD -/** - * Implementation of auth_payload_t.get_auth_method. - */ -static auth_method_t get_auth_method (private_auth_payload_t *this) -{ - return (this->auth_method); -} - -/** - * Implementation of auth_payload_t.set_data. - */ -static void set_data (private_auth_payload_t *this, chunk_t data) -{ - if (this->auth_data.ptr != NULL) - { - chunk_free(&(this->auth_data)); - } - this->auth_data.ptr = clalloc(data.ptr,data.len); - this->auth_data.len = data.len; - this->payload_length = AUTH_PAYLOAD_HEADER_LENGTH + this->auth_data.len; -} - -/** - * Implementation of auth_payload_t.get_data. - */ -static chunk_t get_data (private_auth_payload_t *this) -{ - return (this->auth_data); -} - -/** - * Implementation of auth_payload_t.get_data_clone. - */ -static chunk_t get_data_clone (private_auth_payload_t *this) -{ - chunk_t cloned_data; - if (this->auth_data.ptr == NULL) - { - return (this->auth_data); - } - cloned_data.ptr = clalloc(this->auth_data.ptr,this->auth_data.len); - cloned_data.len = this->auth_data.len; - return cloned_data; -} - -/** - * Implementation of payload_t.destroy and auth_payload_t.destroy. 
- */ -static void destroy(private_auth_payload_t *this) -{ - if (this->auth_data.ptr != NULL) - { - chunk_free(&(this->auth_data)); - } - -======= METHOD(auth_payload_t, get_auth_method, auth_method_t, private_auth_payload_t *this) { @@ -332,7 +180,6 @@ METHOD2(payload_t, auth_payload_t, destroy, void, private_auth_payload_t *this) { free(this->auth_data.ptr); ->>>>>>> upstream/4.5.1 free(this); } 
@@ -341,34 +188,6 @@ METHOD2(payload_t, auth_payload_t, destroy, void, */ auth_payload_t *auth_payload_create() { -<<<<<<< HEAD - private_auth_payload_t *this = malloc_thing(private_auth_payload_t); - - /* interface functions */ - this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; - this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; - this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; - this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; - this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; - this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - /* public functions */ - this->public.destroy = (void (*) (auth_payload_t *)) destroy; - this->public.set_auth_method = (void (*) (auth_payload_t *,auth_method_t)) set_auth_method; - this->public.get_auth_method = (auth_method_t (*) (auth_payload_t *)) get_auth_method; - this->public.set_data = (void (*) (auth_payload_t *,chunk_t)) set_data; - this->public.get_data_clone = (chunk_t (*) (auth_payload_t *)) get_data_clone; - this->public.get_data = (chunk_t (*) (auth_payload_t *)) get_data; - - /* private variables */ - this->critical = FALSE; - this->next_payload = NO_PAYLOAD; - this->payload_length =AUTH_PAYLOAD_HEADER_LENGTH; - this->auth_data = chunk_empty; - - return (&(this->public)); -======= private_auth_payload_t *this; INIT(this, @@ -392,5 +211,4 @@ auth_payload_t *auth_payload_create() .payload_length = AUTH_PAYLOAD_HEADER_LENGTH, ); return &this->public; ->>>>>>> upstream/4.5.1 } diff --git a/src/libcharon/encoding/payloads/auth_payload.h b/src/libcharon/encoding/payloads/auth_payload.h index c28fc1e06..e4c4e6ae3 100644 
--- a/src/libcharon/encoding/payloads/auth_payload.h +++ b/src/libcharon/encoding/payloads/auth_payload.h @@ -62,35 +62,13 @@ struct auth_payload_t { /** * Set the AUTH data. * -<<<<<<< HEAD - * Data gets cloned. - * - * @param data AUTH data as chunk_t -======= * @param data AUTH data as chunk_t, gets cloned ->>>>>>> upstream/4.5.1 */ void (*set_data) (auth_payload_t *this, chunk_t data); /** * Get the AUTH data. * -<<<<<<< HEAD - * Returned data are a copy of the internal one. - * - * @return AUTH data as chunk_t - */ - chunk_t (*get_data_clone) (auth_payload_t *this); - - /** - * Get the AUTH data. - * - * Returned data are NOT copied - * - * @return AUTH data as chunk_t - */ - chunk_t (*get_data) (auth_payload_t *this); -======= * @return AUTH data as chunk_t, internal data */ chunk_t (*get_data) (auth_payload_t *this); @@ -109,7 +87,6 @@ struct auth_payload_t { * @param nr number of the reserved bit, 0-6 */ void (*set_reserved_bit)(auth_payload_t *this, u_int nr); ->>>>>>> upstream/4.5.1 /** * Destroys an auth_payload_t object. diff --git a/src/libcharon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c index 6a28cd658..c42cec680 100644 --- a/src/libcharon/encoding/payloads/cert_payload.c +++ b/src/libcharon/encoding/payloads/cert_payload.c @@ -1,11 +1,7 @@ /* * Copyright (C) 2008 Tobias Brunner -<<<<<<< HEAD - * Copyright (C) 2005-2007 Martin Willi -======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG ->>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -48,15 +44,9 @@ typedef struct private_cert_payload_t private_cert_payload_t; /** * Private data of an cert_payload_t object. -<<<<<<< HEAD - * - */ -struct private_cert_payload_t { -======= */ struct private_cert_payload_t { ->>>>>>> upstream/4.5.1 /** * Public cert_payload_t interface. */ 
@@ -73,14 +63,11 @@ struct private_cert_payload_t { bool critical; /** -<<<<<<< HEAD -======= * reserved bits */ bool reserved[7]; /** ->>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -110,19 +97,6 @@ struct private_cert_payload_t { */ encoding_rule_t cert_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ -<<<<<<< HEAD - { U_INT_8, offsetof(private_cert_payload_t, next_payload) }, - /* the critical bit */ - { FLAG, offsetof(private_cert_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, -======= { U_INT_8, offsetof(private_cert_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_cert_payload_t, critical) }, @@ -134,17 +108,12 @@ encoding_rule_t cert_payload_encodings[] = { { RESERVED_BIT, offsetof(private_cert_payload_t, reserved[4]) }, { RESERVED_BIT, offsetof(private_cert_payload_t, reserved[5]) }, { RESERVED_BIT, offsetof(private_cert_payload_t, reserved[6]) }, ->>>>>>> upstream/4.5.1 /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_cert_payload_t, payload_length)}, /* 1 Byte CERT type*/ { U_INT_8, offsetof(private_cert_payload_t, encoding) }, /* some cert data bytes, length is defined in PAYLOAD_LENGTH */ -<<<<<<< HEAD - { CERT_DATA, offsetof(private_cert_payload_t, data) } -======= { CERT_DATA, offsetof(private_cert_payload_t, data) } ->>>>>>> upstream/4.5.1 }; /* 
@@ -160,43 +129,23 @@ encoding_rule_t cert_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -<<<<<<< HEAD -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_cert_payload_t *this) -======= METHOD(payload_t, verify, status_t, private_cert_payload_t *this) ->>>>>>> upstream/4.5.1 { if (this->encoding == ENC_X509_HASH_AND_URL || this->encoding == ENC_X509_HASH_AND_URL_BUNDLE) { -<<<<<<< HEAD -======= int i; ->>>>>>> upstream/4.5.1 /* coarse verification of "Hash and URL" encoded certificates */ if (this->data.len <= 20) { DBG1(DBG_ENC, "invalid payload length for hash-and-url (%d), ignore", -<<<<<<< HEAD - this->data.len); - this->invalid_hash_and_url = TRUE; - return SUCCESS; - } - - int i = 20; /* skipping the hash */ - for (; i < this->data.len; ++i) -======= this->data.len); this->invalid_hash_and_url = TRUE; return SUCCESS; } for (i = 20; i < this->data.len; ++i) ->>>>>>> upstream/4.5.1 { if (this->data.ptr[i] == '\0') { 
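Review bot: In the hash-and-url branch of verify() the index is declared `int i` and compared against `this->data.len`, and the same length is printed with `%d`; if `len` is an unsigned size type, as chunk lengths usually are, that is a signed/unsigned comparison plus a mismatched format argument. The 16-bit `payload_length` field keeps the value small, so this is a type-correctness point rather than a reachable overflow: `size_t i;` and a matching specifier such as `%zu` would remove it. The literal `20` for the hash length is also repeated here and in get_url() (`this->data.ptr + 20`); a named constant would keep the length check and the pointer offset in step. verify() continues past the end of this hunk.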
@@ -206,47 +155,17 @@ METHOD(payload_t, verify, status_t, else if (!isprint(this->data.ptr[i])) { DBG1(DBG_ENC, "non printable characters in url of hash-and-url" -<<<<<<< HEAD - " encoded certificate payload, ignore"); -======= " encoded certificate payload, ignore"); ->>>>>>> upstream/4.5.1 this->invalid_hash_and_url = TRUE; return SUCCESS; } } -<<<<<<< HEAD - - /* URL is not null terminated, correct that */ - chunk_t data = chunk_alloc(this->data.len + 1); - memcpy(data.ptr, this->data.ptr, this->data.len); - data.ptr[this->data.len] = '\0'; - chunk_free(&this->data); - this->data = data; -======= /* URL is not null terminated, correct that */ this->data = chunk_cat("mc", this->data, chunk_from_chars(0)); ->>>>>>> upstream/4.5.1 } return SUCCESS; } -<<<<<<< HEAD -/** - * Implementation of cert_payload_t.get_encoding_rules. - */ -static void get_encoding_rules(private_cert_payload_t *this, - encoding_rule_t **rules, size_t *rule_count) -{ - *rules = cert_payload_encodings; - *rule_count = sizeof(cert_payload_encodings) / sizeof(encoding_rule_t); -} - -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_payload_type(private_cert_payload_t *this) -======= METHOD(payload_t, get_encoding_rules, void, private_cert_payload_t *this, encoding_rule_t **rules, size_t *rule_count) { 
@@ -256,87 +175,34 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_cert_payload_t *this) ->>>>>>> upstream/4.5.1 { return CERTIFICATE; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(private_cert_payload_t *this) -======= METHOD(payload_t, get_next_type, payload_type_t, private_cert_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->next_payload; } -<<<<<<< HEAD -/** - * Implementation of payload_t.set_next_type. - */ -static void set_next_type(private_cert_payload_t *this,payload_type_t type) -======= METHOD(payload_t, set_next_type, void, private_cert_payload_t *this, payload_type_t type) ->>>>>>> upstream/4.5.1 { this->next_payload = type; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_length. - */ -static size_t get_length(private_cert_payload_t *this) -======= METHOD(payload_t, get_length, size_t, private_cert_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->payload_length; } -<<<<<<< HEAD -/** - * Implementation of cert_payload_t.get_cert_encoding. - */ -static cert_encoding_t get_cert_encoding(private_cert_payload_t *this) -======= METHOD(cert_payload_t, get_cert_encoding, cert_encoding_t, private_cert_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->encoding; } -<<<<<<< HEAD -/** - * Implementation of cert_payload_t.get_cert. - */ -static certificate_t *get_cert(private_cert_payload_t *this) -{ - if (this->encoding != ENC_X509_SIGNATURE) - { - return NULL; - } - return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, - BUILD_BLOB_ASN1_DER, this->data, - BUILD_END); -} - -/** - * Implementation of cert_payload_t.get_hash. - */ -static chunk_t get_hash(private_cert_payload_t *this) -{ - chunk_t hash = chunk_empty; - if ((this->encoding != ENC_X509_HASH_AND_URL && - this->encoding != ENC_X509_HASH_AND_URL_BUNDLE) || -======= METHOD(cert_payload_t, get_cert, certificate_t*, private_cert_payload_t *this) { 
@@ -364,7 +230,6 @@ METHOD(cert_payload_t, get_hash, chunk_t, if ((this->encoding != ENC_X509_HASH_AND_URL && this->encoding != ENC_X509_HASH_AND_URL_BUNDLE) || ->>>>>>> upstream/4.5.1 this->invalid_hash_and_url) { return hash; @@ -374,21 +239,11 @@ METHOD(cert_payload_t, get_hash, chunk_t, return hash; } -<<<<<<< HEAD -/** - * Implementation of cert_payload_t.get_url. - */ -static char *get_url(private_cert_payload_t *this) -{ - if ((this->encoding != ENC_X509_HASH_AND_URL && - this->encoding != ENC_X509_HASH_AND_URL_BUNDLE) || -======= METHOD(cert_payload_t, get_url, char*, private_cert_payload_t *this) { if ((this->encoding != ENC_X509_HASH_AND_URL && this->encoding != ENC_X509_HASH_AND_URL_BUNDLE) || ->>>>>>> upstream/4.5.1 this->invalid_hash_and_url) { return NULL; @@ -396,19 +251,10 @@ METHOD(cert_payload_t, get_url, char*, return (char*)this->data.ptr + 20; } -<<<<<<< HEAD -/** - * Implementation of payload_t.destroy and cert_payload_t.destroy. - */ -static void destroy(private_cert_payload_t *this) -{ - chunk_free(&this->data); -======= METHOD2(payload_t, cert_payload_t, destroy, void, private_cert_payload_t *this) { free(this->data.ptr); ->>>>>>> upstream/4.5.1 free(this); } 
@@ -417,31 +263,6 @@ METHOD2(payload_t, cert_payload_t, destroy, void, */ cert_payload_t *cert_payload_create() { -<<<<<<< HEAD - private_cert_payload_t *this = malloc_thing(private_cert_payload_t); - - this->public.payload_interface.verify = (status_t (*) (payload_t*))verify; - this->public.payload_interface.get_encoding_rules = (void (*) (payload_t*,encoding_rule_t**, size_t*))get_encoding_rules; - this->public.payload_interface.get_length = (size_t (*) (payload_t*))get_length; - this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t*))get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t*,payload_type_t))set_next_type; - this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type; - this->public.payload_interface.destroy = (void (*) (payload_t*))destroy; - - this->public.destroy = (void (*) (cert_payload_t*))destroy; - this->public.get_cert = (certificate_t* (*) (cert_payload_t*))get_cert; - this->public.get_cert_encoding = (cert_encoding_t (*) (cert_payload_t*))get_cert_encoding; - this->public.get_hash = (chunk_t (*) (cert_payload_t*))get_hash; - this->public.get_url = (char* (*) (cert_payload_t*))get_url; - - this->critical = FALSE; - this->next_payload = NO_PAYLOAD; - this->payload_length = CERT_PAYLOAD_HEADER_LENGTH; - this->data = chunk_empty; - this->encoding = 0; - this->invalid_hash_and_url = FALSE; - -======= private_cert_payload_t *this; INIT(this, @@ -464,7 +285,6 @@ cert_payload_t *cert_payload_create() .next_payload = NO_PAYLOAD, .payload_length = CERT_PAYLOAD_HEADER_LENGTH, ); ->>>>>>> upstream/4.5.1 return &this->public; } @@ -509,8 +329,6 @@ cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url) return &this->public; } -<<<<<<< HEAD -======= /* * Described in header */ 
@@ -523,4 +341,3 @@ cert_payload_t *cert_payload_create_custom(cert_encoding_t type, chunk_t data) this->payload_length = CERT_PAYLOAD_HEADER_LENGTH + this->data.len; return &this->public; } ->>>>>>> upstream/4.5.1 diff --git a/src/libcharon/encoding/payloads/cert_payload.h b/src/libcharon/encoding/payloads/cert_payload.h index 74d2b3cd2..21b503a40 100644 --- a/src/libcharon/encoding/payloads/cert_payload.h +++ b/src/libcharon/encoding/payloads/cert_payload.h @@ -134,8 +134,6 @@ cert_payload_t *cert_payload_create_from_cert(certificate_t *cert); */ cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url); -<<<<<<< HEAD -======= /** * Creates a custom certificate payload using type and associated data. * @@ -145,5 +143,4 @@ cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url); */ cert_payload_t *cert_payload_create_custom(cert_encoding_t type, chunk_t data); ->>>>>>> upstream/4.5.1 #endif /** CERT_PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c index 0c59fd66d..8e0836f0e 100644 --- a/src/libcharon/encoding/payloads/certreq_payload.c +++ b/src/libcharon/encoding/payloads/certreq_payload.c @@ -1,10 +1,6 @@ /* -<<<<<<< HEAD - * Copyright (C) 2005-2006 Martin Willi -======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG ->>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -27,23 +23,13 @@ #include "certreq_payload.h" -<<<<<<< HEAD - -======= ->>>>>>> upstream/4.5.1 typedef struct private_certreq_payload_t private_certreq_payload_t; /** * Private data of an certreq_payload_t object. -<<<<<<< HEAD - * - */ -struct private_certreq_payload_t { -======= */ struct private_certreq_payload_t { ->>>>>>> upstream/4.5.1 /** * Public certreq_payload_t interface. */ 
@@ -60,14 +46,11 @@ struct private_certreq_payload_t { bool critical; /** -<<<<<<< HEAD -======= * Reserved bits */ bool reserved[7]; /** ->>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -88,23 +71,6 @@ struct private_certreq_payload_t { * * The defined offsets are the positions in a object of type * private_certreq_payload_t. -<<<<<<< HEAD - * - */ -encoding_rule_t certreq_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ - { U_INT_8, offsetof(private_certreq_payload_t, next_payload) }, - /* the critical bit */ - { FLAG, offsetof(private_certreq_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, -======= */ encoding_rule_t certreq_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -119,7 +85,6 @@ encoding_rule_t certreq_payload_encodings[] = { { RESERVED_BIT, offsetof(private_certreq_payload_t, reserved[4]) }, { RESERVED_BIT, offsetof(private_certreq_payload_t, reserved[5]) }, { RESERVED_BIT, offsetof(private_certreq_payload_t, reserved[6]) }, ->>>>>>> upstream/4.5.1 /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_certreq_payload_t, payload_length) }, /* 1 Byte CERTREQ type*/ @@ -141,15 +106,8 @@ encoding_rule_t certreq_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -<<<<<<< HEAD -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_certreq_payload_t *this) -======= METHOD(payload_t, verify, status_t, private_certreq_payload_t *this) ->>>>>>> upstream/4.5.1 { if (this->encoding == ENC_X509_SIGNATURE) { 
@@ -164,21 +122,6 @@ METHOD(payload_t, verify, status_t, return SUCCESS; } -<<<<<<< HEAD -/** - * Implementation of certreq_payload_t.get_encoding_rules. - */ -static void get_encoding_rules(private_certreq_payload_t *this, encoding_rule_t **rules, size_t *rule_count) -{ - *rules = certreq_payload_encodings; - *rule_count = sizeof(certreq_payload_encodings) / sizeof(encoding_rule_t); -} - -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_payload_type(private_certreq_payload_t *this) -======= METHOD(payload_t, get_encoding_rules, void, private_certreq_payload_t *this, encoding_rule_t **rules, size_t *rule_count) { @@ -188,25 +131,10 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_certreq_payload_t *this) ->>>>>>> upstream/4.5.1 { return CERTIFICATE_REQUEST; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(private_certreq_payload_t *this) -{ - return (this->next_payload); -} - -/** - * Implementation of payload_t.set_next_type. - */ -static void set_next_type(private_certreq_payload_t *this,payload_type_t type) -======= METHOD(payload_t, get_next_type, payload_type_t, private_certreq_payload_t *this) { 
@@ -215,33 +143,18 @@ METHOD(payload_t, get_next_type, payload_type_t, METHOD(payload_t, set_next_type, void, private_certreq_payload_t *this, payload_type_t type) ->>>>>>> upstream/4.5.1 { this->next_payload = type; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_length. - */ -static size_t get_length(private_certreq_payload_t *this) -======= METHOD(payload_t, get_length, size_t, private_certreq_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->payload_length; } -<<<<<<< HEAD -/** - * Implementation of certreq_payload_t.add_keyid. - */ -static void add_keyid(private_certreq_payload_t *this, chunk_t keyid) -======= METHOD(certreq_payload_t, add_keyid, void, private_certreq_payload_t *this, chunk_t keyid) ->>>>>>> upstream/4.5.1 { this->data = chunk_cat("mc", this->data, keyid); this->payload_length += keyid.len; @@ -258,15 +171,8 @@ struct keyid_enumerator_t { u_char *pos; }; -<<<<<<< HEAD -/** - * enumerate function for keyid_enumerator - */ -static bool keyid_enumerate(keyid_enumerator_t *this, chunk_t *chunk) -======= METHOD(enumerator_t, keyid_enumerate, bool, keyid_enumerator_t *this, chunk_t *chunk) ->>>>>>> upstream/4.5.1 { if (this->pos == NULL) { @@ -289,25 +195,6 @@ METHOD(enumerator_t, keyid_enumerate, bool, return FALSE; } -<<<<<<< HEAD -/** - * Implementation of certreq_payload_t.create_keyid_enumerator. - */ -static enumerator_t* create_keyid_enumerator(private_certreq_payload_t *this) -{ - keyid_enumerator_t *enumerator = malloc_thing(keyid_enumerator_t); - enumerator->public.enumerate = (void*)keyid_enumerate; - enumerator->public.destroy = (void*)free; - enumerator->full = this->data; - enumerator->pos = NULL; - return &enumerator->public; -} - -/** - * Implementation of certreq_payload_t.get_cert_type. - */ -static certificate_type_t get_cert_type(private_certreq_payload_t *this) -======= METHOD(certreq_payload_t, create_keyid_enumerator, enumerator_t*, private_certreq_payload_t *this) { 
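Review bot: add_keyid adds keyid.len to payload_length without a range check, and payload_length is declared u_int16_t in private_certreq_payload_t, so a large enough total wraps the length field while data keeps growing. The encoded length would then disagree with the bytes actually appended. A guard ahead of the chunk_cat call, such as `if (keyid.len > UINT16_MAX - this->payload_length) { return; }`, keeps the two in step; whether to log or report the rejection is a project decision. The closing lines of add_keyid are outside the hunk.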
@@ -325,7 +212,6 @@ METHOD(certreq_payload_t, create_keyid_enumerator, enumerator_t*, METHOD(certreq_payload_t, get_cert_type, certificate_type_t, private_certreq_payload_t *this) ->>>>>>> upstream/4.5.1 { switch (this->encoding) { @@ -336,15 +222,8 @@ METHOD(certreq_payload_t, get_cert_type, certificate_type_t, } } -<<<<<<< HEAD -/** - * Implementation of payload_t.destroy and certreq_payload_t.destroy. - */ -static void destroy(private_certreq_payload_t *this) -======= METHOD2(payload_t, certreq_payload_t, destroy, void, private_certreq_payload_t *this) ->>>>>>> upstream/4.5.1 { chunk_free(&this->data); free(this); 
@@ -355,32 +234,6 @@ METHOD2(payload_t, certreq_payload_t, destroy, void, */ certreq_payload_t *certreq_payload_create() { -<<<<<<< HEAD - private_certreq_payload_t *this = malloc_thing(private_certreq_payload_t); - - /* interface functions */ - this->public.payload_interface.verify = (status_t (*) (payload_t*))verify; - this->public.payload_interface.get_encoding_rules = (void (*) (payload_t*,encoding_rule_t**,size_t*))get_encoding_rules; - this->public.payload_interface.get_length = (size_t (*) (payload_t*))get_length; - this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t*))get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t*,payload_type_t))set_next_type; - this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type; - this->public.payload_interface.destroy = (void (*) (payload_t*))destroy; - - /* public functions */ - this->public.destroy = (void (*) (certreq_payload_t*)) destroy; - this->public.create_keyid_enumerator = (enumerator_t*(*)(certreq_payload_t*))create_keyid_enumerator; - this->public.get_cert_type = (certificate_type_t(*)(certreq_payload_t*))get_cert_type; - this->public.add_keyid = (void(*)(certreq_payload_t*, chunk_t keyid))add_keyid; - - /* private variables */ - this->critical = FALSE; - this->next_payload = NO_PAYLOAD; - this->payload_length = CERTREQ_PAYLOAD_HEADER_LENGTH; - this->data = chunk_empty; - this->encoding = 0; - -======= private_certreq_payload_t *this; INIT(this, @@ -402,7 +255,6 @@ certreq_payload_t *certreq_payload_create() .next_payload = NO_PAYLOAD, .payload_length = CERTREQ_PAYLOAD_HEADER_LENGTH, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/encoding/payloads/configuration_attribute.c b/src/libcharon/encoding/payloads/configuration_attribute.c index 1ef8be800..e608497bd 100644 --- a/src/libcharon/encoding/payloads/configuration_attribute.c +++ b/src/libcharon/encoding/payloads/configuration_attribute.c 
@@ -1,10 +1,6 @@ /* -<<<<<<< HEAD - * Copyright (C) 2005-2009 Martin Willi -======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG ->>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -27,37 +23,24 @@ #include <library.h> #include <daemon.h> -<<<<<<< HEAD - -======= ->>>>>>> upstream/4.5.1 typedef struct private_configuration_attribute_t private_configuration_attribute_t; /** * Private data of an configuration_attribute_t object. -<<<<<<< HEAD - * - */ -struct private_configuration_attribute_t { -======= */ struct private_configuration_attribute_t { ->>>>>>> upstream/4.5.1 /** * Public configuration_attribute_t interface. */ configuration_attribute_t public; /** -<<<<<<< HEAD -======= * Reserved bit */ bool reserved; /** ->>>>>>> upstream/4.5.1 * Type of the attribute. */ u_int16_t type; @@ -80,13 +63,8 @@ struct private_configuration_attribute_t { * private_configuration_attribute_t. */ encoding_rule_t configuration_attribute_encodings[] = { -<<<<<<< HEAD - - { RESERVED_BIT, 0 }, -======= /* 1 reserved bit */ { RESERVED_BIT, offsetof(private_configuration_attribute_t, reserved)}, ->>>>>>> upstream/4.5.1 /* type of the attribute as 15 bit unsigned integer */ { ATTRIBUTE_TYPE, offsetof(private_configuration_attribute_t, type) }, /* Length of attribute value */ @@ -107,15 +85,8 @@ encoding_rule_t configuration_attribute_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -<<<<<<< HEAD -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_configuration_attribute_t *this) -======= METHOD(payload_t, verify, status_t, private_configuration_attribute_t *this) ->>>>>>> upstream/4.5.1 { bool failed = FALSE; 
@@ -183,22 +154,6 @@ METHOD(payload_t, verify, status_t, return SUCCESS; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_encoding_rules. - */ -static void get_encoding_rules(private_configuration_attribute_t *this, - encoding_rule_t **rules, size_t *rule_count) -{ - *rules = configuration_attribute_encodings; - *rule_count = sizeof(configuration_attribute_encodings) / sizeof(encoding_rule_t); -} - -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_type(private_configuration_attribute_t *this) -======= METHOD(payload_t, get_encoding_rules, void, private_configuration_attribute_t *this, encoding_rule_t **rules, size_t *rule_count) @@ -209,38 +164,16 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_configuration_attribute_t *this) ->>>>>>> upstream/4.5.1 { return CONFIGURATION_ATTRIBUTE; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(private_configuration_attribute_t *this) -======= METHOD(payload_t, get_next_type, payload_type_t, private_configuration_attribute_t *this) ->>>>>>> upstream/4.5.1 { return NO_PAYLOAD; } -<<<<<<< HEAD -/** - * Implementation of payload_t.set_next_type. - */ -static void set_next_type(private_configuration_attribute_t *this, - payload_type_t type) -{ -} - -/** - * Implementation of configuration_attribute_t.get_length. - */ -static size_t get_length(private_configuration_attribute_t *this) -======= METHOD(payload_t, set_next_type, void, private_configuration_attribute_t *this, payload_type_t type) { 
@@ -248,47 +181,24 @@ METHOD(payload_t, set_next_type, void, METHOD(payload_t, get_length, size_t, private_configuration_attribute_t *this) ->>>>>>> upstream/4.5.1 { return this->value.len + CONFIGURATION_ATTRIBUTE_HEADER_LENGTH; } -<<<<<<< HEAD -/** - * Implementation of configuration_attribute_t.get_type. - */ -static configuration_attribute_type_t get_configuration_attribute_type( - private_configuration_attribute_t *this) -======= METHOD(configuration_attribute_t, get_cattr_type, configuration_attribute_type_t, private_configuration_attribute_t *this) ->>>>>>> upstream/4.5.1 { return this->type; } -<<<<<<< HEAD -/** - * Implementation of configuration_attribute_t.get_value. - */ -static chunk_t get_value(private_configuration_attribute_t *this) -======= METHOD(configuration_attribute_t, get_value, chunk_t, private_configuration_attribute_t *this) ->>>>>>> upstream/4.5.1 { return this->value; } -<<<<<<< HEAD -/** - * Implementation of configuration_attribute_t.destroy and payload_t.destroy. - */ -static void destroy(private_configuration_attribute_t *this) -======= METHOD2(payload_t, configuration_attribute_t, destroy, void, private_configuration_attribute_t *this) ->>>>>>> upstream/4.5.1 { free(this->value.ptr); free(this); 
@@ -301,25 +211,6 @@ configuration_attribute_t *configuration_attribute_create() { private_configuration_attribute_t *this; -<<<<<<< HEAD - this = malloc_thing(private_configuration_attribute_t); - this->public.payload_interface.verify = (status_t(*)(payload_t *))verify; - this->public.payload_interface.get_encoding_rules = (void(*)(payload_t *, encoding_rule_t **, size_t *) )get_encoding_rules; - this->public.payload_interface.get_length = (size_t(*)(payload_t *))get_length; - this->public.payload_interface.get_next_type = (payload_type_t(*)(payload_t *))get_next_type; - this->public.payload_interface.set_next_type = (void(*)(payload_t *,payload_type_t))set_next_type; - this->public.payload_interface.get_type = (payload_type_t(*)(payload_t *))get_type; - this->public.payload_interface.destroy = (void(*)(payload_t*))destroy; - - this->public.get_value = (chunk_t(*)(configuration_attribute_t *))get_value; - this->public.get_type = (configuration_attribute_type_t(*)(configuration_attribute_t *))get_configuration_attribute_type; - this->public.destroy = (void (*)(configuration_attribute_t*))destroy; - - this->type = 0; - this->value = chunk_empty; - this->length = 0; - -======= INIT(this, .public = { .payload_interface = { @@ -336,7 +227,6 @@ configuration_attribute_t *configuration_attribute_create() .destroy = _destroy, }, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/encoding/payloads/cp_payload.c b/src/libcharon/encoding/payloads/cp_payload.c index d8779d27f..82e9e51b7 100644 --- a/src/libcharon/encoding/payloads/cp_payload.c +++ b/src/libcharon/encoding/payloads/cp_payload.c @@ -1,10 +1,6 @@ /* -<<<<<<< HEAD - * Copyright (C) 2005-2009 Martin Willi -======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG ->>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * 
@@ -37,15 +33,9 @@ typedef struct private_cp_payload_t private_cp_payload_t; /** * Private data of an cp_payload_t object. -<<<<<<< HEAD - * - */ -struct private_cp_payload_t { -======= */ struct private_cp_payload_t { ->>>>>>> upstream/4.5.1 /** * Public cp_payload_t interface. */ @@ -62,8 +52,6 @@ struct private_cp_payload_t { bool critical; /** -<<<<<<< HEAD -======= * Reserved bits */ bool reserved_bit[7]; @@ -74,7 +62,6 @@ struct private_cp_payload_t { u_int8_t reserved_byte[3]; /** ->>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -95,32 +82,6 @@ struct private_cp_payload_t { * * The defined offsets are the positions in a object of type * private_cp_payload_t. -<<<<<<< HEAD - * - */ -encoding_rule_t cp_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ - { U_INT_8, offsetof(private_cp_payload_t, next_payload) }, - /* the critical bit */ - { FLAG, offsetof(private_cp_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - /* Length of the whole CP payload*/ - { PAYLOAD_LENGTH, offsetof(private_cp_payload_t, payload_length) }, - /* Proposals are stored in a proposal substructure, - offset points to a linked_list_t pointer */ - { U_INT_8, offsetof(private_cp_payload_t, type) }, - { RESERVED_BYTE,0 }, - { RESERVED_BYTE,0 }, - { RESERVED_BYTE,0 }, - { CONFIGURATION_ATTRIBUTES, offsetof(private_cp_payload_t, attributes) } -======= */ encoding_rule_t cp_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ 
@@ -145,7 +106,6 @@ encoding_rule_t cp_payload_encodings[] = { { RESERVED_BYTE, offsetof(private_cp_payload_t, reserved_byte[1])}, { RESERVED_BYTE, offsetof(private_cp_payload_t, reserved_byte[2])}, { CONFIGURATION_ATTRIBUTES, offsetof(private_cp_payload_t, attributes) } ->>>>>>> upstream/4.5.1 }; /* @@ -162,15 +122,8 @@ encoding_rule_t cp_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -<<<<<<< HEAD -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_cp_payload_t *this) -======= METHOD(payload_t, verify, status_t, private_cp_payload_t *this) ->>>>>>> upstream/4.5.1 { status_t status = SUCCESS; enumerator_t *enumerator; @@ -189,22 +142,6 @@ METHOD(payload_t, verify, status_t, return status; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_encoding_rules. - */ -static void get_encoding_rules(private_cp_payload_t *this, - encoding_rule_t **rules, size_t *rule_count) -{ - *rules = cp_payload_encodings; - *rule_count = sizeof(cp_payload_encodings) / sizeof(encoding_rule_t); -} - -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_type(private_cp_payload_t *this) -======= METHOD(payload_t, get_encoding_rules, void, private_cp_payload_t *this, encoding_rule_t **rules, size_t *rule_count) { 
@@ -214,33 +151,18 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_cp_payload_t *this) ->>>>>>> upstream/4.5.1 { return CONFIGURATION; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(private_cp_payload_t *this) -======= METHOD(payload_t, get_next_type, payload_type_t, private_cp_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->next_payload; } -<<<<<<< HEAD -/** - * Implementation of payload_t.set_next_type. - */ -static void set_next_type(private_cp_payload_t *this,payload_type_t type) -======= METHOD(payload_t, set_next_type, void, private_cp_payload_t *this,payload_type_t type) ->>>>>>> upstream/4.5.1 { this->next_payload = type; } 
@@ -263,69 +185,33 @@ static void compute_length(private_cp_payload_t *this) enumerator->destroy(enumerator); } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_length. - */ -static size_t get_length(private_cp_payload_t *this) -======= METHOD(payload_t, get_length, size_t, private_cp_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->payload_length; } -<<<<<<< HEAD -/** - * Implementation of cp_payload_t.create_attribute_enumerator. - */ -static enumerator_t *create_attribute_enumerator(private_cp_payload_t *this) -======= METHOD(cp_payload_t, create_attribute_enumerator, enumerator_t*, private_cp_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->attributes->create_enumerator(this->attributes); } -<<<<<<< HEAD -/** - * Implementation of cp_payload_t.add_attribute. - */ -static void add_attribute(private_cp_payload_t *this, - configuration_attribute_t *attribute) -======= METHOD(cp_payload_t, add_attribute, void, private_cp_payload_t *this, configuration_attribute_t *attribute) ->>>>>>> upstream/4.5.1 { this->attributes->insert_last(this->attributes, attribute); compute_length(this); } -<<<<<<< HEAD -/** - * Implementation of cp_payload_t.get_type. - */ -static config_type_t get_config_type(private_cp_payload_t *this) -======= METHOD(cp_payload_t, get_config_type, config_type_t, private_cp_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->type; } -<<<<<<< HEAD -/** - * Implementation of payload_t.destroy and cp_payload_t.destroy. - */ -static void destroy(private_cp_payload_t *this) -======= METHOD2(payload_t, cp_payload_t, destroy, void, private_cp_payload_t *this) ->>>>>>> upstream/4.5.1 { this->attributes->destroy_offset(this->attributes, offsetof(configuration_attribute_t, destroy)); 
@@ -335,32 +221,6 @@ METHOD2(payload_t, cp_payload_t, destroy, void, /* * Described in header. */ -<<<<<<< HEAD -cp_payload_t *cp_payload_create() -{ - private_cp_payload_t *this = malloc_thing(private_cp_payload_t); - - this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; - this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; - this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; - this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; - this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; - this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - this->public.create_attribute_enumerator = (enumerator_t*(*)(cp_payload_t *))create_attribute_enumerator; - this->public.add_attribute = (void (*) (cp_payload_t *,configuration_attribute_t*))add_attribute; - this->public.get_type = (config_type_t (*) (cp_payload_t *))get_config_type; - this->public.destroy = (void (*)(cp_payload_t *))destroy; - - /* set default values of the fields */ - this->critical = FALSE; - this->next_payload = NO_PAYLOAD; - this->payload_length = CP_PAYLOAD_HEADER_LENGTH; - this->attributes = linked_list_create(); - this->type = CFG_REQUEST; - -======= cp_payload_t *cp_payload_create_type(config_type_t type) { private_cp_payload_t *this; 
@@ -386,26 +246,13 @@ cp_payload_t *cp_payload_create_type(config_type_t type) .attributes = linked_list_create(), .type = type, ); ->>>>>>> upstream/4.5.1 return &this->public; } /* * Described in header. */ -<<<<<<< HEAD -cp_payload_t *cp_payload_create_type(config_type_t type) -{ - private_cp_payload_t *this = (private_cp_payload_t*)cp_payload_create(); - - this->type = type; - - return &this->public; -} - -======= cp_payload_t *cp_payload_create() { return cp_payload_create_type(CFG_REQUEST); } ->>>>>>> upstream/4.5.1 diff --git a/src/libcharon/encoding/payloads/delete_payload.c b/src/libcharon/encoding/payloads/delete_payload.c index 4e94ff417..e6ee07d39 100644 --- a/src/libcharon/encoding/payloads/delete_payload.c +++ b/src/libcharon/encoding/payloads/delete_payload.c @@ -43,14 +43,11 @@ struct private_delete_payload_t { bool critical; /** -<<<<<<< HEAD -======= * reserved bits */ bool reserved[7]; /** ->>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -87,16 +84,6 @@ encoding_rule_t delete_payload_encodings[] = { { U_INT_8, offsetof(private_delete_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_delete_payload_t, critical) }, -<<<<<<< HEAD - /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, -======= /* 7 Bit reserved bits */ { RESERVED_BIT, offsetof(private_delete_payload_t, reserved[0]) }, { RESERVED_BIT, offsetof(private_delete_payload_t, reserved[1]) }, 
@@ -105,7 +92,6 @@ encoding_rule_t delete_payload_encodings[] = { { RESERVED_BIT, offsetof(private_delete_payload_t, reserved[4]) }, { RESERVED_BIT, offsetof(private_delete_payload_t, reserved[5]) }, { RESERVED_BIT, offsetof(private_delete_payload_t, reserved[6]) }, ->>>>>>> upstream/4.5.1 /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_delete_payload_t, payload_length) }, { U_INT_8, offsetof(private_delete_payload_t, protocol_id) }, diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c index 8f5c8700a..eafb668b6 100644 --- a/src/libcharon/encoding/payloads/eap_payload.c +++ b/src/libcharon/encoding/payloads/eap_payload.c @@ -43,14 +43,11 @@ struct private_eap_payload_t { bool critical; /** -<<<<<<< HEAD -======= * Reserved bits */ bool reserved[7]; /** ->>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -74,15 +71,6 @@ static encoding_rule_t eap_payload_encodings[] = { /* the critical bit */ { FLAG, offsetof(private_eap_payload_t, critical) }, /* 7 Bit reserved bits, nowhere stored */ -<<<<<<< HEAD - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, -======= { RESERVED_BIT, offsetof(private_eap_payload_t, reserved[0]) }, { RESERVED_BIT, offsetof(private_eap_payload_t, reserved[1]) }, { RESERVED_BIT, offsetof(private_eap_payload_t, reserved[2]) }, @@ -90,7 +78,6 @@ static encoding_rule_t eap_payload_encodings[] = { { RESERVED_BIT, offsetof(private_eap_payload_t, reserved[4]) }, { RESERVED_BIT, offsetof(private_eap_payload_t, reserved[5]) }, { RESERVED_BIT, offsetof(private_eap_payload_t, reserved[6]) }, ->>>>>>> upstream/4.5.1 /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_eap_payload_t, payload_length) }, /* chunt to data, starting at "code" */ 
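Review bot: The context comment `/* 7 Bit reserved bits, nowhere stored */` in eap_payload_encodings is no longer true, because the rules that follow now point at `reserved[0]` to `reserved[6]` in private_eap_payload_t. delete_payload_encodings in the same commit already reads `/* 7 Bit reserved bits */`, and the EAP table should carry the same wording. If these fields are filled from received messages, as the offsets suggest, the struct comment on `reserved` could also say that the values come from the peer.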
diff --git a/src/libcharon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c index 58250e766..3befadfe2 100644 --- a/src/libcharon/encoding/payloads/id_payload.c +++ b/src/libcharon/encoding/payloads/id_payload.c @@ -1,12 +1,7 @@ /* -<<<<<<< HEAD - * Copyright (C) 2007 Tobias Brunner - * Copyright (C) 2005-2006 Martin Willi -======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2007 Tobias Brunner ->>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * * Hochschule fuer Technik Rapperswil @@ -57,8 +52,6 @@ struct private_id_payload_t { bool critical; /** -<<<<<<< HEAD -======= * Reserved bits */ bool reserved_bit[7]; @@ -69,7 +62,6 @@ struct private_id_payload_t { u_int8_t reserved_byte[3]; /** ->>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -90,26 +82,12 @@ struct private_id_payload_t { * * The defined offsets are the positions in a object of type * private_id_payload_t. -<<<<<<< HEAD - * -======= ->>>>>>> upstream/4.5.1 */ encoding_rule_t id_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_id_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_id_payload_t, critical) }, -<<<<<<< HEAD - /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, -======= /* 7 Bit reserved bits */ { RESERVED_BIT, offsetof(private_id_payload_t, reserved_bit[0]) }, { RESERVED_BIT, offsetof(private_id_payload_t, reserved_bit[1]) }, 
@@ -118,25 +96,16 @@ encoding_rule_t id_payload_encodings[] = { { RESERVED_BIT, offsetof(private_id_payload_t, reserved_bit[4]) }, { RESERVED_BIT, offsetof(private_id_payload_t, reserved_bit[5]) }, { RESERVED_BIT, offsetof(private_id_payload_t, reserved_bit[6]) }, ->>>>>>> upstream/4.5.1 /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_id_payload_t, payload_length) }, /* 1 Byte ID type*/ { U_INT_8, offsetof(private_id_payload_t, id_type) }, /* 3 reserved bytes */ -<<<<<<< HEAD - { RESERVED_BYTE, 0 }, - { RESERVED_BYTE, 0 }, - { RESERVED_BYTE, 0 }, - /* some id data bytes, length is defined in PAYLOAD_LENGTH */ - { ID_DATA, offsetof(private_id_payload_t, id_data) } -======= { RESERVED_BYTE, offsetof(private_id_payload_t, reserved_byte[0])}, { RESERVED_BYTE, offsetof(private_id_payload_t, reserved_byte[1])}, { RESERVED_BYTE, offsetof(private_id_payload_t, reserved_byte[2])}, /* some id data bytes, length is defined in PAYLOAD_LENGTH */ { ID_DATA, offsetof(private_id_payload_t, id_data) } ->>>>>>> upstream/4.5.1 }; /* 
@@ -153,46 +122,15 @@ encoding_rule_t id_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -<<<<<<< HEAD -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_id_payload_t *this) -{ - if ((this->id_type == 0) || - (this->id_type == 4) || - ((this->id_type >= 6) && (this->id_type <= 8)) || - ((this->id_type >= 12) && (this->id_type <= 200))) -======= METHOD(payload_t, verify, status_t, private_id_payload_t *this) { if (this->id_type == 0 || this->id_type == 4) ->>>>>>> upstream/4.5.1 { /* reserved IDs */ DBG1(DBG_ENC, "received ID with reserved type %d", this->id_type); return FAILED; } -<<<<<<< HEAD - - return SUCCESS; -} - -/** - * Implementation of id_payload_t.get_encoding_rules. - */ -static void get_encoding_rules(private_id_payload_t *this, encoding_rule_t **rules, size_t *rule_count) -{ - *rules = id_payload_encodings; - *rule_count = sizeof(id_payload_encodings) / sizeof(encoding_rule_t); -} - -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_payload_type(private_id_payload_t *this) -======= return SUCCESS; } 
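Review bot: verify() in id_payload.c now fails only for id_type 0 and 4, so types 6–8 and 12–200, which the replaced condition also rejected, pass verification and reach get_identification. If the relaxation is deliberate, the `/* reserved IDs */` comment should say so, for example `/* only 0 and 4 are rejected; other unassigned types are passed through */`, so later readers do not take verify() as a guarantee that id_type is a known value. Code that consumes the resulting identification_t then has to treat unknown types as opaque; that code is outside this hunk.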
@@ -205,123 +143,28 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_id_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->payload_type; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(private_id_payload_t *this) -======= METHOD(payload_t, get_next_type, payload_type_t, private_id_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->next_payload; } -<<<<<<< HEAD -/** - * Implementation of payload_t.set_next_type. - */ -static void set_next_type(private_id_payload_t *this,payload_type_t type) -======= METHOD(payload_t, set_next_type, void, private_id_payload_t *this, payload_type_t type) ->>>>>>> upstream/4.5.1 { this->next_payload = type; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_length. - */ -static size_t get_length(private_id_payload_t *this) -======= METHOD(payload_t, get_length, size_t, private_id_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->payload_length; } -<<<<<<< HEAD -/** - * Implementation of id_payload_t.set_type. - */ -static void set_id_type (private_id_payload_t *this, id_type_t type) -{ - this->id_type = type; -} - -/** - * Implementation of id_payload_t.get_id_type. - */ -static id_type_t get_id_type (private_id_payload_t *this) -{ - return (this->id_type); -} - -/** - * Implementation of id_payload_t.set_data. - */ -static void set_data (private_id_payload_t *this, chunk_t data) -{ - if (this->id_data.ptr != NULL) - { - chunk_free(&(this->id_data)); - } - this->id_data.ptr = clalloc(data.ptr,data.len); - this->id_data.len = data.len; - this->payload_length = ID_PAYLOAD_HEADER_LENGTH + this->id_data.len; -} - - -/** - * Implementation of id_payload_t.get_data_clone. - */ -static chunk_t get_data (private_id_payload_t *this) -{ - return (this->id_data); -} - -/** - * Implementation of id_payload_t.get_data_clone. 
- */ -static chunk_t get_data_clone (private_id_payload_t *this) -{ - chunk_t cloned_data; - if (this->id_data.ptr == NULL) - { - return (this->id_data); - } - cloned_data.ptr = clalloc(this->id_data.ptr,this->id_data.len); - cloned_data.len = this->id_data.len; - return cloned_data; -} - -/** - * Implementation of id_payload_t.get_identification. - */ -static identification_t *get_identification (private_id_payload_t *this) -{ - return identification_create_from_encoding(this->id_type,this->id_data); -} - -/** - * Implementation of payload_t.destroy and id_payload_t.destroy. - */ -static void destroy(private_id_payload_t *this) -{ - if (this->id_data.ptr != NULL) - { - chunk_free(&(this->id_data)); - } -======= METHOD(id_payload_t, get_identification, identification_t*, private_id_payload_t *this) { @@ -332,7 +175,6 @@ METHOD2(payload_t, id_payload_t, destroy, void, private_id_payload_t *this) { free(this->id_data.ptr); ->>>>>>> upstream/4.5.1 free(this); } 
@@ -341,37 +183,6 @@ METHOD2(payload_t, id_payload_t, destroy, void, */ id_payload_t *id_payload_create(payload_type_t payload_type) { -<<<<<<< HEAD - private_id_payload_t *this = malloc_thing(private_id_payload_t); - - /* interface functions */ - this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; - this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; - this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; - this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; - this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; - this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - /* public functions */ - this->public.destroy = (void (*) (id_payload_t *)) destroy; - this->public.set_id_type = (void (*) (id_payload_t *,id_type_t)) set_id_type; - this->public.get_id_type = (id_type_t (*) (id_payload_t *)) get_id_type; - this->public.set_data = (void (*) (id_payload_t *,chunk_t)) set_data; - this->public.get_data = (chunk_t (*) (id_payload_t *)) get_data; - this->public.get_data_clone = (chunk_t (*) (id_payload_t *)) get_data_clone; - - this->public.get_identification = (identification_t * (*) (id_payload_t *this)) get_identification; - - /* private variables */ - this->critical = FALSE; - this->next_payload = NO_PAYLOAD; - this->payload_length =ID_PAYLOAD_HEADER_LENGTH; - this->id_data = chunk_empty; - this->payload_type = payload_type; - - return (&(this->public)); -======= private_id_payload_t *this; INIT(this, 
@@ -393,20 +204,11 @@ id_payload_t *id_payload_create(payload_type_t payload_type) .payload_type = payload_type, ); return &this->public; ->>>>>>> upstream/4.5.1 } /* * Described in header. */ -<<<<<<< HEAD -id_payload_t *id_payload_create_from_identification(payload_type_t payload_type, identification_t *identification) -{ - id_payload_t *this= id_payload_create(payload_type); - this->set_data(this,identification->get_encoding(identification)); - this->set_id_type(this,identification->get_type(identification)); - return this; -======= id_payload_t *id_payload_create_from_identification(payload_type_t payload_type, identification_t *id) { @@ -418,5 +220,4 @@ id_payload_t *id_payload_create_from_identification(payload_type_t payload_type, this->payload_length += this->id_data.len; return &this->public; ->>>>>>> upstream/4.5.1 } diff --git a/src/libcharon/encoding/payloads/id_payload.h b/src/libcharon/encoding/payloads/id_payload.h index b5b9c5907..99831f85f 100644 --- a/src/libcharon/encoding/payloads/id_payload.h +++ b/src/libcharon/encoding/payloads/id_payload.h 
@@ -40,66 +40,15 @@ typedef struct id_payload_t id_payload_t; * The ID payload format is described in RFC section 3.5. */ struct id_payload_t { -<<<<<<< HEAD -======= ->>>>>>> upstream/4.5.1 /** * The payload_t interface. */ payload_t payload_interface; /** -<<<<<<< HEAD - * Set the ID type. - * - * @param type Type of ID - */ - void (*set_id_type) (id_payload_t *this, id_type_t type); - - /** - * Get the ID type. - * - * @return type of the ID - */ - id_type_t (*get_id_type) (id_payload_t *this); - - /** - * Set the ID data. - * - * Data are getting cloned. - * - * @param data ID data as chunk_t - */ - void (*set_data) (id_payload_t *this, chunk_t data); - - /** - * Get the ID data. - * - * Returned data are a copy of the internal one - * - * @return ID data as chunk_t - */ - chunk_t (*get_data_clone) (id_payload_t *this); - - /** - * Get the ID data. - * - * Returned data are NOT copied. - * - * @return ID data as chunk_t - */ - chunk_t (*get_data) (id_payload_t *this); - - /** - * Creates an identification object of this id payload. - * - * Returned object has to get destroyed by the caller. - * -======= * Creates an identification object of this id payload. * ->>>>>>> upstream/4.5.1 * @return identification_t object */ identification_t *(*get_identification) (id_payload_t *this); diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c index 1462b346b..80dcee0cb 100644 --- a/src/libcharon/encoding/payloads/ike_header.c +++ b/src/libcharon/encoding/payloads/ike_header.c @@ -84,14 +84,11 @@ struct private_ike_header_t { } flags; /** -<<<<<<< HEAD -======= * Reserved bits of IKE header */ bool reserved[5]; /** ->>>>>>> upstream/4.5.1 * Associated Message-ID. */ u_int32_t message_id; 
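Review bot: The doc comment kept for `get_identification` in id_payload.h no longer says who owns the returned object; the sentence `Returned object has to get destroyed by the caller.` exists only on the side this hunk deletes. The deleted implementation built the result with `identification_create_from_encoding()`, and if the kept one does the same (its body is outside the visible hunks) callers that miss the rule will leak the object. I would put that sentence back into the kept comment, just above the `@return` line. The struct continues past the end of the hunk.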
@@ -127,32 +124,6 @@ encoding_rule_t ike_header_encodings[] = { /* 8 Byte SPI, stored in the field initiator_spi */ { IKE_SPI, offsetof(private_ike_header_t, initiator_spi) }, /* 8 Byte SPI, stored in the field responder_spi */ -<<<<<<< HEAD - { IKE_SPI, offsetof(private_ike_header_t, responder_spi) }, - /* 1 Byte next payload type, stored in the field next_payload */ - { U_INT_8, offsetof(private_ike_header_t, next_payload) }, - /* 4 Bit major version, stored in the field maj_version */ - { U_INT_4, offsetof(private_ike_header_t, maj_version) }, - /* 4 Bit minor version, stored in the field min_version */ - { U_INT_4, offsetof(private_ike_header_t, min_version) }, - /* 8 Bit for the exchange type */ - { U_INT_8, offsetof(private_ike_header_t, exchange_type) }, - /* 2 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - /* 3 Bit flags, stored in the fields response, version and initiator */ - { FLAG, offsetof(private_ike_header_t, flags.response) }, - { FLAG, offsetof(private_ike_header_t, flags.version) }, - { FLAG, offsetof(private_ike_header_t, flags.initiator) }, - /* 3 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - /* 4 Byte message id, stored in the field message_id */ - { U_INT_32, offsetof(private_ike_header_t, message_id) }, - /* 4 Byte length fied, stored in the field length */ - { HEADER_LENGTH, offsetof(private_ike_header_t, length) } -======= { IKE_SPI, offsetof(private_ike_header_t, responder_spi) }, /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_ike_header_t, next_payload) }, @@ -177,7 +148,6 @@ encoding_rule_t ike_header_encodings[] = { { U_INT_32, offsetof(private_ike_header_t, message_id) }, /* 4 Byte length fied, stored in the field length */ { HEADER_LENGTH,offsetof(private_ike_header_t, length) }, ->>>>>>> upstream/4.5.1 }; 
@@ -198,16 +168,8 @@ encoding_rule_t ike_header_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -<<<<<<< HEAD - -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_ike_header_t *this) -======= METHOD(payload_t, verify, status_t, private_ike_header_t *this) ->>>>>>> upstream/4.5.1 { if ((this->exchange_type < IKE_SA_INIT) || ((this->exchange_type > INFORMATIONAL) @@ -219,10 +181,6 @@ METHOD(payload_t, verify, status_t, /* unsupported exchange type */ return FAILED; } -<<<<<<< HEAD - -======= ->>>>>>> upstream/4.5.1 if (this->initiator_spi == 0 #ifdef ME /* we allow zero spi for INFORMATIONAL exchanges, @@ -234,25 +192,6 @@ METHOD(payload_t, verify, status_t, /* initiator spi not set */ return FAILED; } -<<<<<<< HEAD - - /* verification of version is not done in here */ - - return SUCCESS; -} - -/** - * Implementation of payload_t.set_next_type. - */ -static void set_next_type(payload_t *this,payload_type_t type) -{ - ((private_ike_header_t *)this)->next_payload = type; -} -/** - * Implementation of ike_header_t.get_initiator_spi. - */ -static u_int64_t get_initiator_spi(private_ike_header_t *this) -======= return SUCCESS; } 
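Review bot: In `verify()` of ike_header.c the visible checks cover only the exchange type and the initiator SPI, and the remark `/* verification of version is not done in here */` disappears with the deleted side in the last hunk on this line. I would keep that one-line comment directly before `return SUCCESS;`, so a reader does not assume `maj_version` and `min_version` of a received header were validated by this function. The function is spread over three hunks and some of its lines fall between them, so this should be confirmed against the full body.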
@@ -289,69 +228,34 @@ METHOD(payload_t, get_length, size_t, METHOD(ike_header_t, get_initiator_spi, u_int64_t, private_ike_header_t *this) ->>>>>>> upstream/4.5.1 { return this->initiator_spi; } -<<<<<<< HEAD -/** - * Implementation of ike_header_t.set_initiator_spi. - */ -static void set_initiator_spi(private_ike_header_t *this, u_int64_t initiator_spi) -======= METHOD(ike_header_t, set_initiator_spi, void, private_ike_header_t *this, u_int64_t initiator_spi) ->>>>>>> upstream/4.5.1 { this->initiator_spi = initiator_spi; } -<<<<<<< HEAD -/** - * Implementation of ike_header_t.get_responder_spi. - */ -static u_int64_t get_responder_spi(private_ike_header_t *this) -======= METHOD(ike_header_t, get_responder_spi, u_int64_t, private_ike_header_t *this) ->>>>>>> upstream/4.5.1 { return this->responder_spi; } -<<<<<<< HEAD -/** - * Implementation of ike_header_t.set_responder_spi. - */ -static void set_responder_spi(private_ike_header_t *this, u_int64_t responder_spi) -======= METHOD(ike_header_t, set_responder_spi, void, private_ike_header_t *this, u_int64_t responder_spi) ->>>>>>> upstream/4.5.1 { this->responder_spi = responder_spi; } -<<<<<<< HEAD -/** - * Implementation of ike_header_t.get_maj_version. - */ -static u_int8_t get_maj_version(private_ike_header_t *this) -======= METHOD(ike_header_t, get_maj_version, u_int8_t, private_ike_header_t *this) ->>>>>>> upstream/4.5.1 { return this->maj_version; } -<<<<<<< HEAD -/** - * Implementation of ike_header_t.get_min_version. - */ -static u_int8_t get_min_version(private_ike_header_t *this) -======= METHOD(ike_header_t, set_maj_version, void, private_ike_header_t *this, u_int8_t major) { 
@@ -360,17 +264,10 @@ METHOD(ike_header_t, set_maj_version, void, METHOD(ike_header_t, get_min_version, u_int8_t, private_ike_header_t *this) ->>>>>>> upstream/4.5.1 { return this->min_version; } -<<<<<<< HEAD -/** - * Implementation of ike_header_t.get_response_flag. - */ -static bool get_response_flag(private_ike_header_t *this) -======= METHOD(ike_header_t, set_min_version, void, private_ike_header_t *this, u_int8_t minor) { @@ -379,43 +276,22 @@ METHOD(ike_header_t, set_min_version, void, METHOD(ike_header_t, get_response_flag, bool, private_ike_header_t *this) ->>>>>>> upstream/4.5.1 { return this->flags.response; } -<<<<<<< HEAD -/** - * Implementation of ike_header_t.set_response_flag. - */ -static void set_response_flag(private_ike_header_t *this, bool response) -======= METHOD(ike_header_t, set_response_flag, void, private_ike_header_t *this, bool response) ->>>>>>> upstream/4.5.1 { this->flags.response = response; } -<<<<<<< HEAD -/** - * Implementation of ike_header_t.get_version_flag. - */ -static bool get_version_flag(private_ike_header_t *this) -======= METHOD(ike_header_t, get_version_flag, bool, private_ike_header_t *this) ->>>>>>> upstream/4.5.1 { return this->flags.version; } -<<<<<<< HEAD -/** - * Implementation of ike_header_t.get_initiator_flag. - */ -static bool get_initiator_flag(private_ike_header_t *this) -======= METHOD(ike_header_t, set_version_flag, void, private_ike_header_t *this, bool version) { 
@@ -424,174 +300,51 @@ METHOD(ike_header_t, set_version_flag, void, METHOD(ike_header_t, get_initiator_flag, bool, private_ike_header_t *this) ->>>>>>> upstream/4.5.1 { return this->flags.initiator; } -<<<<<<< HEAD -/** - * Implementation of ike_header_t.set_initiator_flag. - */ -static void set_initiator_flag(private_ike_header_t *this, bool initiator) -======= METHOD(ike_header_t, set_initiator_flag, void, private_ike_header_t *this, bool initiator) ->>>>>>> upstream/4.5.1 { this->flags.initiator = initiator; } -<<<<<<< HEAD -/** - * Implementation of ike_header_t.get_exchange_type. - */ -static u_int8_t get_exchange_type(private_ike_header_t *this) -======= METHOD(ike_header_t, get_exchange_type, u_int8_t, private_ike_header_t *this) ->>>>>>> upstream/4.5.1 { return this->exchange_type; } -<<<<<<< HEAD -/** - * Implementation of ike_header_t.set_exchange_type. - */ -static void set_exchange_type(private_ike_header_t *this, u_int8_t exchange_type) -======= METHOD(ike_header_t, set_exchange_type, void, private_ike_header_t *this, u_int8_t exchange_type) ->>>>>>> upstream/4.5.1 { this->exchange_type = exchange_type; } -<<<<<<< HEAD -/** - * Implements ike_header_t's get_message_id function. - * See #ike_header_t.get_message_id for description. - */ -static u_int32_t get_message_id(private_ike_header_t *this) -======= METHOD(ike_header_t, get_message_id, u_int32_t, private_ike_header_t *this) ->>>>>>> upstream/4.5.1 { return this->message_id; } -<<<<<<< HEAD -/** - * Implementation of ike_header_t.set_message_id. - */ -static void set_message_id(private_ike_header_t *this, u_int32_t message_id) -======= METHOD(ike_header_t, set_message_id, void, private_ike_header_t *this, u_int32_t message_id) ->>>>>>> upstream/4.5.1 { this->message_id = message_id; } -<<<<<<< HEAD -/** - * Implementation of ike_header_t.destroy and payload_t.destroy. 
- */ -static void destroy(ike_header_t *this) -======= METHOD2(payload_t, ike_header_t, destroy, void, private_ike_header_t *this) ->>>>>>> upstream/4.5.1 { free(this); } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_encoding_rules. - */ -static void get_encoding_rules(payload_t *this, encoding_rule_t **rules, size_t *rule_count) -{ - *rules = ike_header_encodings; - *rule_count = sizeof(ike_header_encodings) / sizeof(encoding_rule_t); -} - -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_type(payload_t *this) -{ - return HEADER; -} - -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(payload_t *this) -{ - return (((private_ike_header_t*)this)->next_payload); -} - -/** - * Implementation of payload_t.get_length. - */ -static size_t get_length(payload_t *this) -{ - return (((private_ike_header_t*)this)->length); -} - -======= ->>>>>>> upstream/4.5.1 /* * Described in header. */ ike_header_t *ike_header_create() { -<<<<<<< HEAD - private_ike_header_t *this = malloc_thing(private_ike_header_t); - - this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; - this->public.payload_interface.get_encoding_rules = get_encoding_rules; - this->public.payload_interface.get_length = get_length; - this->public.payload_interface.get_next_type = get_next_type; - this->public.payload_interface.set_next_type = set_next_type; - this->public.payload_interface.get_type = get_type; - this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - this->public.destroy = destroy; - - this->public.get_initiator_spi = (u_int64_t (*) (ike_header_t*))get_initiator_spi; - this->public.set_initiator_spi = (void (*) (ike_header_t*,u_int64_t))set_initiator_spi; - this->public.get_responder_spi = (u_int64_t (*) (ike_header_t*))get_responder_spi; - this->public.set_responder_spi = (void (*) (ike_header_t *,u_int64_t))set_responder_spi; - this->public.get_maj_version = (u_int8_t (*) 
(ike_header_t*))get_maj_version; - this->public.get_min_version = (u_int8_t (*) (ike_header_t*))get_min_version; - this->public.get_response_flag = (bool (*) (ike_header_t*))get_response_flag; - this->public.set_response_flag = (void (*) (ike_header_t*,bool))set_response_flag; - this->public.get_version_flag = (bool (*) (ike_header_t*))get_version_flag; - this->public.get_initiator_flag = (bool (*) (ike_header_t*))get_initiator_flag; - this->public.set_initiator_flag = (void (*) (ike_header_t*,bool))set_initiator_flag; - this->public.get_exchange_type = (u_int8_t (*) (ike_header_t*))get_exchange_type; - this->public.set_exchange_type = (void (*) (ike_header_t*,u_int8_t))set_exchange_type; - this->public.get_message_id = (u_int32_t (*) (ike_header_t*))get_message_id; - this->public.set_message_id = (void (*) (ike_header_t*,u_int32_t))set_message_id; - - /* set default values of the fields */ - this->initiator_spi = 0; - this->responder_spi = 0; - this->next_payload = 0; - this->maj_version = IKE_MAJOR_VERSION; - this->min_version = IKE_MINOR_VERSION; - this->exchange_type = EXCHANGE_TYPE_UNDEFINED; - this->flags.initiator = TRUE; - this->flags.version = HIGHER_VERSION_SUPPORTED_FLAG; - this->flags.response = FALSE; - this->message_id = 0; - this->length = IKE_HEADER_LENGTH; - - return (ike_header_t*)this; -======= private_ike_header_t *this; INIT(this, @@ -636,5 +389,4 @@ ike_header_t *ike_header_create() ); return &this->public; ->>>>>>> upstream/4.5.1 } diff --git a/src/libcharon/encoding/payloads/ike_header.h b/src/libcharon/encoding/payloads/ike_header.h index 77e23efb7..f52c852c5 100644 --- a/src/libcharon/encoding/payloads/ike_header.h +++ b/src/libcharon/encoding/payloads/ike_header.h @@ -143,8 +143,6 @@ struct ike_header_t { u_int8_t (*get_maj_version) (ike_header_t *this); /** -<<<<<<< HEAD -======= * Set the major version. * * @param major major version 
@@ -152,7 +150,6 @@ struct ike_header_t { void (*set_maj_version) (ike_header_t *this, u_int8_t major); /** ->>>>>>> upstream/4.5.1 * Get the minor version. * * @return minor version @@ -160,8 +157,6 @@ struct ike_header_t { u_int8_t (*get_min_version) (ike_header_t *this); /** -<<<<<<< HEAD -======= * Set the minor version. * * @param minor minor version @@ -169,7 +164,6 @@ struct ike_header_t { void (*set_min_version) (ike_header_t *this, u_int8_t minor); /** ->>>>>>> upstream/4.5.1 * Get the response flag. * * @return response flag @@ -182,10 +176,7 @@ struct ike_header_t { * @param response response flag */ void (*set_response_flag) (ike_header_t *this, bool response); -<<<<<<< HEAD -======= ->>>>>>> upstream/4.5.1 /** * Get "higher version supported"-flag. * @@ -194,8 +185,6 @@ struct ike_header_t { bool (*get_version_flag) (ike_header_t *this); /** -<<<<<<< HEAD -======= * Set the "higher version supported"-flag. * * @param version flag value @@ -203,7 +192,6 @@ struct ike_header_t { void (*set_version_flag)(ike_header_t *this, bool version); /** ->>>>>>> upstream/4.5.1 * Get the initiator flag. * * @return initiator flag diff --git a/src/libcharon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c index dd239b212..999d73192 100644 --- a/src/libcharon/encoding/payloads/ke_payload.c +++ b/src/libcharon/encoding/payloads/ke_payload.c @@ -1,10 +1,6 @@ /* -<<<<<<< HEAD - * Copyright (C) 2005-2006 Martin Willi -======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG ->>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * 
@@ -25,23 +21,13 @@ #include <encoding/payloads/encodings.h> -<<<<<<< HEAD - -======= ->>>>>>> upstream/4.5.1 typedef struct private_ke_payload_t private_ke_payload_t; /** * Private data of an ke_payload_t object. -<<<<<<< HEAD - * - */ -struct private_ke_payload_t { -======= */ struct private_ke_payload_t { ->>>>>>> upstream/4.5.1 /** * Public ke_payload_t interface. */ @@ -58,8 +44,6 @@ struct private_ke_payload_t { bool critical; /** -<<<<<<< HEAD -======= * Reserved bits */ bool reserved_bit[7]; @@ -70,7 +54,6 @@ struct private_ke_payload_t { u_int8_t reserved_byte[2]; /** ->>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -91,29 +74,6 @@ struct private_ke_payload_t { * * The defined offsets are the positions in a object of type * private_ke_payload_t. -<<<<<<< HEAD - * - */ -encoding_rule_t ke_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ - { U_INT_8, offsetof(private_ke_payload_t, next_payload) }, - /* the critical bit */ - { FLAG, offsetof(private_ke_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - /* Length of the whole payload*/ - { PAYLOAD_LENGTH, offsetof(private_ke_payload_t, payload_length) }, - /* DH Group number as 16 bit field*/ - { U_INT_16, offsetof(private_ke_payload_t, dh_group_number) }, - { RESERVED_BYTE, 0 }, - { RESERVED_BYTE, 0 }, -======= */ encoding_rule_t ke_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ 
@@ -135,7 +95,6 @@ encoding_rule_t ke_payload_encodings[] = { /* 2 reserved bytes */ { RESERVED_BYTE, offsetof(private_ke_payload_t, reserved_byte[0])}, { RESERVED_BYTE, offsetof(private_ke_payload_t, reserved_byte[1])}, ->>>>>>> upstream/4.5.1 /* Key Exchange Data is from variable size */ { KEY_EXCHANGE_DATA, offsetof(private_ke_payload_t, key_exchange_data)} }; @@ -154,42 +113,6 @@ encoding_rule_t ke_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -<<<<<<< HEAD -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_ke_payload_t *this) -{ - /* dh group is not verified in here */ - return SUCCESS; -} - -/** - * Implementation of payload_t.destroy. - */ -static void destroy(private_ke_payload_t *this) -{ - if (this->key_exchange_data.ptr != NULL) - { - free(this->key_exchange_data.ptr); - } - free(this); -} - -/** - * Implementation of payload_t.get_encoding_rules. - */ -static void get_encoding_rules(private_ke_payload_t *this, encoding_rule_t **rules, size_t *rule_count) -{ - *rules = ke_payload_encodings; - *rule_count = sizeof(ke_payload_encodings) / sizeof(encoding_rule_t); -} - -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_type(private_ke_payload_t *this) -======= METHOD(payload_t, verify, status_t, private_ke_payload_t *this) { @@ -205,25 +128,10 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_ke_payload_t *this) ->>>>>>> upstream/4.5.1 { return KEY_EXCHANGE; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(private_ke_payload_t *this) -{ - return (this->next_payload); -} - -/** - * Implementation of payload_t.set_next_type. - */ -static void set_next_type(private_ke_payload_t *this,payload_type_t type) -======= METHOD(payload_t, get_next_type, payload_type_t, private_ke_payload_t *this) { 
@@ -232,66 +140,10 @@ METHOD(payload_t, get_next_type, payload_type_t, METHOD(payload_t, set_next_type, void, private_ke_payload_t *this,payload_type_t type) ->>>>>>> upstream/4.5.1 { this->next_payload = type; } -<<<<<<< HEAD -/** - * recompute the length of the payload. - */ -static void compute_length(private_ke_payload_t *this) -{ - size_t length = KE_PAYLOAD_HEADER_LENGTH; - if (this->key_exchange_data.ptr != NULL) - { - length += this->key_exchange_data.len; - } - this->payload_length = length; -} - -/** - * Implementation of payload_t.get_length. - */ -static size_t get_length(private_ke_payload_t *this) -{ - compute_length(this); - return this->payload_length; -} - -/** - * Implementation of ke_payload_t.get_key_exchange_data. - */ -static chunk_t get_key_exchange_data(private_ke_payload_t *this) -{ - return (this->key_exchange_data); -} - -/** - * Implementation of ke_payload_t.set_key_exchange_data. - */ -static void set_key_exchange_data(private_ke_payload_t *this, chunk_t key_exchange_data) -{ - /* destroy existing data first */ - if (this->key_exchange_data.ptr != NULL) - { - /* free existing value */ - free(this->key_exchange_data.ptr); - this->key_exchange_data.ptr = NULL; - this->key_exchange_data.len = 0; - - } - - this->key_exchange_data = chunk_clone(key_exchange_data); - compute_length(this); -} - -/** - * Implementation of ke_payload_t.get_dh_group_number. - */ -static diffie_hellman_group_t get_dh_group_number(private_ke_payload_t *this) -======= METHOD(payload_t, get_length, size_t, private_ke_payload_t *this) { 
@@ -306,25 +158,15 @@ METHOD(ke_payload_t, get_key_exchange_data, chunk_t, METHOD(ke_payload_t, get_dh_group_number, diffie_hellman_group_t, private_ke_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->dh_group_number; } -<<<<<<< HEAD -/** - * Implementation of ke_payload_t.set_dh_group_number. - */ -static void set_dh_group_number(private_ke_payload_t *this, diffie_hellman_group_t dh_group_number) -{ - this->dh_group_number = dh_group_number; -======= METHOD2(payload_t, ke_payload_t, destroy, void, private_ke_payload_t *this) { free(this->key_exchange_data.ptr); free(this); ->>>>>>> upstream/4.5.1 } /* 
@@ -332,33 +174,6 @@ METHOD2(payload_t, ke_payload_t, destroy, void, */ ke_payload_t *ke_payload_create() { -<<<<<<< HEAD - private_ke_payload_t *this = malloc_thing(private_ke_payload_t); - - /* interface functions */ - this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; - this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; - this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; - this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; - this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; - this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - /* public functions */ - this->public.get_key_exchange_data = (chunk_t (*) (ke_payload_t *)) get_key_exchange_data; - this->public.set_key_exchange_data = (void (*) (ke_payload_t *,chunk_t)) set_key_exchange_data; - this->public.get_dh_group_number = (diffie_hellman_group_t (*) (ke_payload_t *)) get_dh_group_number; - this->public.set_dh_group_number =(void (*) (ke_payload_t *,diffie_hellman_group_t)) set_dh_group_number; - this->public.destroy = (void (*) (ke_payload_t *)) destroy; - - /* set default values of the fields */ - this->critical = FALSE; - this->next_payload = NO_PAYLOAD; - this->payload_length = KE_PAYLOAD_HEADER_LENGTH; - this->key_exchange_data = chunk_empty; - this->dh_group_number = MODP_NONE; - -======= private_ke_payload_t *this; INIT(this, @@ -380,7 +195,6 @@ ke_payload_t *ke_payload_create() .payload_length = KE_PAYLOAD_HEADER_LENGTH, .dh_group_number = MODP_NONE, ); ->>>>>>> upstream/4.5.1 return &this->public; } 
@@ -393,11 +207,7 @@ ke_payload_t *ke_payload_create_from_diffie_hellman(diffie_hellman_t *dh) dh->get_my_public_value(dh, &this->key_exchange_data); this->dh_group_number = dh->get_dh_group(dh); -<<<<<<< HEAD - compute_length(this); -======= this->payload_length = this->key_exchange_data.len + KE_PAYLOAD_HEADER_LENGTH; ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/encoding/payloads/ke_payload.h b/src/libcharon/encoding/payloads/ke_payload.h index edf271add..65cc11883 100644 --- a/src/libcharon/encoding/payloads/ke_payload.h +++ b/src/libcharon/encoding/payloads/ke_payload.h @@ -47,33 +47,13 @@ struct ke_payload_t { payload_t payload_interface; /** -<<<<<<< HEAD - * Returns the currently set key exchange data of this KE payload. - * - * @warning Returned data are not copied. - * - * @return chunk_t pointing to the value -======= * Returns the key exchange data of this KE payload. * * @return chunk_t pointing to internal data ->>>>>>> upstream/4.5.1 */ chunk_t (*get_key_exchange_data) (ke_payload_t *this); /** -<<<<<<< HEAD - * Sets the key exchange data of this KE payload. - * - * Value is getting copied. - * - * @param key_exchange_data chunk_t pointing to the value to set - */ - void (*set_key_exchange_data) (ke_payload_t *this, chunk_t key_exchange_data); - - /** -======= ->>>>>>> upstream/4.5.1 * Gets the Diffie-Hellman Group Number of this KE payload. * * @return DH Group Number of this payload @@ -81,17 +61,6 @@ struct ke_payload_t { diffie_hellman_group_t (*get_dh_group_number) (ke_payload_t *this); /** -<<<<<<< HEAD - * Sets the Diffie-Hellman Group Number of this KE payload. - * - * @param dh_group_number DH Group to set - */ - void (*set_dh_group_number) (ke_payload_t *this, - diffie_hellman_group_t dh_group_number); - - /** -======= ->>>>>>> upstream/4.5.1 * Destroys an ke_payload_t object. */ void (*destroy) (ke_payload_t *this); 
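Review bot: In `ke_payload_create_from_diffie_hellman()` the sum `this->key_exchange_data.len + KE_PAYLOAD_HEADER_LENGTH` is assigned to `payload_length` with no range check, although the struct hunk of this file declares that field as `u_int16_t`. A value that does not fit would wrap silently and the length field would no longer match the data. The public value comes from the local `dh` object, so ordinary groups should stay far below the limit, but that assumption is not written down. A comment such as `/* public value plus header is assumed to fit in 16 bits */`, or an explicit bound check before the assignment, would make it visible. The function starts before the hunk.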
diff --git a/src/libcharon/encoding/payloads/nonce_payload.c b/src/libcharon/encoding/payloads/nonce_payload.c index ccaf60c09..78000b8c6 100644 --- a/src/libcharon/encoding/payloads/nonce_payload.c +++ b/src/libcharon/encoding/payloads/nonce_payload.c @@ -1,10 +1,6 @@ /* -<<<<<<< HEAD - * Copyright (C) 2005-2006 Martin Willi -======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG ->>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -19,33 +15,19 @@ * for more details. */ -<<<<<<< HEAD -/* offsetof macro */ -======= ->>>>>>> upstream/4.5.1 #include <stddef.h> #include "nonce_payload.h" #include <encoding/payloads/encodings.h> -<<<<<<< HEAD - -======= ->>>>>>> upstream/4.5.1 typedef struct private_nonce_payload_t private_nonce_payload_t; /** * Private data of an nonce_payload_t object. -<<<<<<< HEAD - * - */ -struct private_nonce_payload_t { -======= */ struct private_nonce_payload_t { ->>>>>>> upstream/4.5.1 /** * Public nonce_payload_t interface. */ @@ -62,14 +44,11 @@ struct private_nonce_payload_t { bool critical; /** -<<<<<<< HEAD -======= * Reserved bits */ bool reserved[7]; /** ->>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; 
@@ -85,27 +64,6 @@ struct private_nonce_payload_t { * * The defined offsets are the positions in a object of type * private_nonce_payload_t. -<<<<<<< HEAD - * - */ -encoding_rule_t nonce_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ - { U_INT_8, offsetof(private_nonce_payload_t, next_payload) }, - /* the critical bit */ - { FLAG, offsetof(private_nonce_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - /* Length of the whole nonce payload*/ - { PAYLOAD_LENGTH, offsetof(private_nonce_payload_t, payload_length) }, - /* some nonce bytes, lenth is defined in PAYLOAD_LENGTH */ - { NONCE_DATA, offsetof(private_nonce_payload_t, nonce) } -======= */ encoding_rule_t nonce_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -124,7 +82,6 @@ encoding_rule_t nonce_payload_encodings[] = { { PAYLOAD_LENGTH, offsetof(private_nonce_payload_t, payload_length) }, /* some nonce bytes, lenth is defined in PAYLOAD_LENGTH */ { NONCE_DATA, offsetof(private_nonce_payload_t, nonce) }, ->>>>>>> upstream/4.5.1 }; /* 1 2 3 
@@ -138,57 +95,6 @@ encoding_rule_t nonce_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -<<<<<<< HEAD -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_nonce_payload_t *this) -{ - if ((this->nonce.len < 16) || ((this->nonce.len > 256))) - { - /* nonce length is wrong */ - return FAILED; - } - - return SUCCESS; -} - -/** - * Implementation of nonce_payload_t.set_nonce. - */ -static status_t set_nonce(private_nonce_payload_t *this, chunk_t nonce) -{ - this->nonce.ptr = clalloc(nonce.ptr, nonce.len); - this->nonce.len = nonce.len; - this->payload_length = NONCE_PAYLOAD_HEADER_LENGTH + nonce.len; - return SUCCESS; -} - -/** - * Implementation of nonce_payload_t.get_nonce. - */ -static chunk_t get_nonce(private_nonce_payload_t *this) -{ - chunk_t nonce; - nonce.ptr = clalloc(this->nonce.ptr,this->nonce.len); - nonce.len = this->nonce.len; - return nonce; -} - -/** - * Implementation of nonce_payload_t.get_encoding_rules. - */ -static void get_encoding_rules(private_nonce_payload_t *this, encoding_rule_t **rules, size_t *rule_count) -{ - *rules = nonce_payload_encodings; - *rule_count = sizeof(nonce_payload_encodings) / sizeof(encoding_rule_t); -} - -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_type(private_nonce_payload_t *this) -======= METHOD(payload_t, verify, status_t, private_nonce_payload_t *this) { 
@@ -208,25 +114,10 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_nonce_payload_t *this) ->>>>>>> upstream/4.5.1 { return NONCE; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(private_nonce_payload_t *this) -{ - return (this->next_payload); -} - -/** - * Implementation of payload_t.set_next_type. - */ -static void set_next_type(private_nonce_payload_t *this,payload_type_t type) -======= METHOD(payload_t, get_next_type, payload_type_t, private_nonce_payload_t *this) { @@ -235,40 +126,10 @@ METHOD(payload_t, get_next_type, payload_type_t, METHOD(payload_t, set_next_type, void, private_nonce_payload_t *this, payload_type_t type) ->>>>>>> upstream/4.5.1 { this->next_payload = type; } -<<<<<<< HEAD -/** - * recompute the length of the payload. - */ -static void compute_length(private_nonce_payload_t *this) -{ - this->payload_length = NONCE_PAYLOAD_HEADER_LENGTH + this->nonce.len; -} - -/** - * Implementation of payload_t.get_length. - */ -static size_t get_length(private_nonce_payload_t *this) -{ - compute_length(this); - return this->payload_length; -} - -/** - * Implementation of payload_t.destroy and nonce_payload_t.destroy. - */ -static void destroy(private_nonce_payload_t *this) -{ - if (this->nonce.ptr != NULL) - { - free(this->nonce.ptr); - } - -======= METHOD(payload_t, get_length, size_t, private_nonce_payload_t *this) { @@ -292,7 +153,6 @@ METHOD2(payload_t, nonce_payload_t, destroy, void, private_nonce_payload_t *this) { free(this->nonce.ptr); ->>>>>>> upstream/4.5.1 free(this); } 
@@ -301,35 +161,6 @@ METHOD2(payload_t, nonce_payload_t, destroy, void, */ nonce_payload_t *nonce_payload_create() { -<<<<<<< HEAD - private_nonce_payload_t *this = malloc_thing(private_nonce_payload_t); - - /* interface functions */ - this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; - this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; - this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; - this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; - this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; - this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - /* public functions */ - this->public.destroy = (void (*) (nonce_payload_t *)) destroy; - this->public.set_nonce = (void (*) (nonce_payload_t *,chunk_t)) set_nonce; - this->public.get_nonce = (chunk_t (*) (nonce_payload_t *)) get_nonce; - - /* private variables */ - this->critical = FALSE; - this->next_payload = NO_PAYLOAD; - this->payload_length = NONCE_PAYLOAD_HEADER_LENGTH; - this->nonce.ptr = NULL; - this->nonce.len = 0; - - return (&(this->public)); -} - - -======= private_nonce_payload_t *this; INIT(this, @@ -352,4 +183,3 @@ nonce_payload_t *nonce_payload_create() ); return &this->public; } ->>>>>>> upstream/4.5.1 diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c index 59668bb9d..77f15ec6d 100644 --- a/src/libcharon/encoding/payloads/notify_payload.c +++ b/src/libcharon/encoding/payloads/notify_payload.c 
@@ -1,14 +1,8 @@ /* -<<<<<<< HEAD - * Copyright (C) 2006-2008 Tobias Brunner - * Copyright (C) 2006 Daniel Roethlisberger - * Copyright (C) 2005-2006 Martin Willi -======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2006-2008 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger ->>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -193,15 +187,9 @@ typedef struct private_notify_payload_t private_notify_payload_t; /** * Private data of an notify_payload_t object. -<<<<<<< HEAD - * - */ -struct private_notify_payload_t { -======= */ struct private_notify_payload_t { ->>>>>>> upstream/4.5.1 /** * Public notify_payload_t interface. */ @@ -218,14 +206,11 @@ struct private_notify_payload_t { bool critical; /** -<<<<<<< HEAD -======= * reserved bits */ bool reserved[7]; /** ->>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -261,10 +246,6 @@ struct private_notify_payload_t { * * The defined offsets are the positions in a object of type * private_notify_payload_t. -<<<<<<< HEAD - * -======= ->>>>>>> upstream/4.5.1 */ encoding_rule_t notify_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -272,15 +253,6 @@ encoding_rule_t notify_payload_encodings[] = { /* the critical bit */ { FLAG, offsetof(private_notify_payload_t, critical) }, /* 7 Bit reserved bits, nowhere stored */ -<<<<<<< HEAD - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, -======= { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[0]) }, { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[1]) }, { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[2]) }, 
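Review bot: The context comment `/* 7 Bit reserved bits, nowhere stored */` in the notify_payload_encodings hunk (@@ -272,15 +253,6) is now wrong, because the new rules store each bit at `offsetof(private_notify_payload_t, reserved[0])` through `reserved[6]`. The same stale comment sits above the new rules in sa_payload.c (@@ -76,15 +73,6). I would change it to `/* 7 reserved bits, stored in reserved[] */`. These bits are taken from the received message, so the `reserved` field comment should also say that they are retained only for inspection or re-encoding and must not influence processing; whether anything reads them is not visible in this hunk. The rule table continues in the next hunk.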
@@ -288,7 +260,6 @@ encoding_rule_t notify_payload_encodings[] = { { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[4]) }, { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[5]) }, { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[6]) }, ->>>>>>> upstream/4.5.1 /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_notify_payload_t, payload_length) }, /* Protocol ID as 8 bit field*/ @@ -296,19 +267,11 @@ encoding_rule_t notify_payload_encodings[] = { /* SPI Size as 8 bit field*/ { SPI_SIZE, offsetof(private_notify_payload_t, spi_size) }, /* Notify message type as 16 bit field*/ -<<<<<<< HEAD - { U_INT_16, offsetof(private_notify_payload_t, notify_type) }, - /* SPI as variable length field*/ - { SPI, offsetof(private_notify_payload_t, spi) }, - /* Key Exchange Data is from variable size */ - { NOTIFICATION_DATA, offsetof(private_notify_payload_t, notification_data) } -======= { U_INT_16, offsetof(private_notify_payload_t, notify_type) }, /* SPI as variable length field*/ { SPI, offsetof(private_notify_payload_t, spi) }, /* Key Exchange Data is from variable size */ { NOTIFICATION_DATA,offsetof(private_notify_payload_t, notification_data) } ->>>>>>> upstream/4.5.1 }; /* @@ -329,15 +292,8 @@ encoding_rule_t notify_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -<<<<<<< HEAD -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_notify_payload_t *this) -======= METHOD(payload_t, verify, status_t, private_notify_payload_t *this) ->>>>>>> upstream/4.5.1 { bool bad_length = FALSE; 
@@ -451,21 +407,6 @@ METHOD(payload_t, verify, status_t, return SUCCESS; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_encoding_rules. - */ -static void get_encoding_rules(private_notify_payload_t *this, encoding_rule_t **rules, size_t *rule_count) -{ - *rules = notify_payload_encodings; - *rule_count = sizeof(notify_payload_encodings) / sizeof(encoding_rule_t); -} - -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_type(private_notify_payload_t *this) -======= METHOD(payload_t, get_encoding_rules, void, private_notify_payload_t *this, encoding_rule_t **rules, size_t *rule_count) { @@ -475,25 +416,10 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_notify_payload_t *this) ->>>>>>> upstream/4.5.1 { return NOTIFY; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(private_notify_payload_t *this) -{ - return (this->next_payload); -} - -/** - * Implementation of payload_t.set_next_type. - */ -static void set_next_type(private_notify_payload_t *this,payload_type_t type) -======= METHOD(payload_t, get_next_type, payload_type_t, private_notify_payload_t *this) { @@ -502,7 +428,6 @@ METHOD(payload_t, get_next_type, payload_type_t, METHOD(payload_t, set_next_type, void, private_notify_payload_t *this, payload_type_t type) ->>>>>>> upstream/4.5.1 { this->next_payload = type; } @@ -513,10 +438,7 @@ METHOD(payload_t, set_next_type, void, static void compute_length (private_notify_payload_t *this) { size_t length = NOTIFY_PAYLOAD_HEADER_LENGTH; -<<<<<<< HEAD -======= ->>>>>>> upstream/4.5.1 if (this->notification_data.ptr != NULL) { length += this->notification_data.len; 
@@ -528,21 +450,6 @@ static void compute_length (private_notify_payload_t *this) this->payload_length = length; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_length. - */ -static size_t get_length(private_notify_payload_t *this) -{ - compute_length(this); - return this->payload_length; -} - -/** - * Implementation of notify_payload_t.get_protocol_id. - */ -static u_int8_t get_protocol_id(private_notify_payload_t *this) -======= METHOD(payload_t, get_length, size_t, private_notify_payload_t *this) { @@ -551,59 +458,30 @@ METHOD(payload_t, get_length, size_t, METHOD(notify_payload_t, get_protocol_id, u_int8_t, private_notify_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->protocol_id; } -<<<<<<< HEAD -/** - * Implementation of notify_payload_t.set_protocol_id. - */ -static void set_protocol_id(private_notify_payload_t *this, u_int8_t protocol_id) -======= METHOD(notify_payload_t, set_protocol_id, void, private_notify_payload_t *this, u_int8_t protocol_id) ->>>>>>> upstream/4.5.1 { this->protocol_id = protocol_id; } -<<<<<<< HEAD -/** - * Implementation of notify_payload_t.get_notify_type. - */ -static notify_type_t get_notify_type(private_notify_payload_t *this) -======= METHOD(notify_payload_t, get_notify_type, notify_type_t, private_notify_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->notify_type; } -<<<<<<< HEAD -/** - * Implementation of notify_payload_t.set_notify_type. - */ -static void set_notify_type(private_notify_payload_t *this, u_int16_t notify_type) -======= METHOD(notify_payload_t, set_notify_type, void, private_notify_payload_t *this, notify_type_t notify_type) ->>>>>>> upstream/4.5.1 { this->notify_type = notify_type; } -<<<<<<< HEAD -/** - * Implementation of notify_payload_t.get_spi. - */ -static u_int32_t get_spi(private_notify_payload_t *this) -======= METHOD(notify_payload_t, get_spi, u_int32_t, private_notify_payload_t *this) ->>>>>>> upstream/4.5.1 { switch (this->protocol_id) { 
@@ -619,15 +497,8 @@ METHOD(notify_payload_t, get_spi, u_int32_t, return 0; } -<<<<<<< HEAD -/** - * Implementation of notify_payload_t.set_spi. - */ -static void set_spi(private_notify_payload_t *this, u_int32_t spi) -======= METHOD(notify_payload_t, set_spi, void, private_notify_payload_t *this, u_int32_t spi) ->>>>>>> upstream/4.5.1 { chunk_free(&this->spi); switch (this->protocol_id) @@ -644,39 +515,6 @@ METHOD(notify_payload_t, set_spi, void, compute_length(this); } -<<<<<<< HEAD -/** - * Implementation of notify_payload_t.get_notification_data. - */ -static chunk_t get_notification_data(private_notify_payload_t *this) -{ - return (this->notification_data); -} - -/** - * Implementation of notify_payload_t.set_notification_data. - */ -static status_t set_notification_data(private_notify_payload_t *this, chunk_t notification_data) -{ - chunk_free(&this->notification_data); - if (notification_data.len > 0) - { - this->notification_data = chunk_clone(notification_data); - } - compute_length(this); - return SUCCESS; -} - -/** - * Implementation of notify_payload_t.destroy and notify_payload_t.destroy. - */ -static status_t destroy(private_notify_payload_t *this) -{ - chunk_free(&this->notification_data); - chunk_free(&this->spi); - free(this); - return SUCCESS; -======= METHOD(notify_payload_t, get_notification_data, chunk_t, private_notify_payload_t *this) { @@ -697,7 +535,6 @@ METHOD2(payload_t, notify_payload_t, destroy, void, free(this->notification_data.ptr); free(this->spi.ptr); free(this); ->>>>>>> upstream/4.5.1 } /* 
@@ -705,42 +542,6 @@ METHOD2(payload_t, notify_payload_t, destroy, void, */ notify_payload_t *notify_payload_create() { -<<<<<<< HEAD - private_notify_payload_t *this = malloc_thing(private_notify_payload_t); - - /* interface functions */ - this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; - this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; - this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; - this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; - this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; - this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - /* public functions */ - this->public.get_protocol_id = (u_int8_t (*) (notify_payload_t *)) get_protocol_id; - this->public.set_protocol_id = (void (*) (notify_payload_t *,u_int8_t)) set_protocol_id; - this->public.get_notify_type = (notify_type_t (*) (notify_payload_t *)) get_notify_type; - this->public.set_notify_type = (void (*) (notify_payload_t *,notify_type_t)) set_notify_type; - this->public.get_spi = (u_int32_t (*) (notify_payload_t *)) get_spi; - this->public.set_spi = (void (*) (notify_payload_t *,u_int32_t)) set_spi; - this->public.get_notification_data = (chunk_t (*) (notify_payload_t *)) get_notification_data; - this->public.set_notification_data = (void (*) (notify_payload_t *,chunk_t)) set_notification_data; - this->public.destroy = (void (*) (notify_payload_t *)) destroy; - - /* set default values of the fields */ - this->critical = FALSE; - this->next_payload = NO_PAYLOAD; - this->payload_length = NOTIFY_PAYLOAD_HEADER_LENGTH; - this->protocol_id = 0; - this->notify_type = 0; - this->spi.ptr = NULL; - this->spi.len = 0; - this->spi_size = 0; - 
this->notification_data.ptr = NULL; - this->notification_data.len = 0; - -======= private_notify_payload_t *this; INIT(this, @@ -767,21 +568,12 @@ notify_payload_t *notify_payload_create() .next_payload = NO_PAYLOAD, .payload_length = NOTIFY_PAYLOAD_HEADER_LENGTH, ); ->>>>>>> upstream/4.5.1 return &this->public; } /* * Described in header. */ -<<<<<<< HEAD -notify_payload_t *notify_payload_create_from_protocol_and_type(protocol_id_t protocol_id, notify_type_t notify_type) -{ - notify_payload_t *notify = notify_payload_create(); - - notify->set_notify_type(notify,notify_type); - notify->set_protocol_id(notify,protocol_id); -======= notify_payload_t *notify_payload_create_from_protocol_and_type( protocol_id_t protocol_id, notify_type_t notify_type) { @@ -789,7 +581,6 @@ notify_payload_t *notify_payload_create_from_protocol_and_type( notify->set_notify_type(notify, notify_type); notify->set_protocol_id(notify, protocol_id); ->>>>>>> upstream/4.5.1 return notify; } diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c index 35d073240..d1e677db7 100644 --- a/src/libcharon/encoding/payloads/payload.c +++ b/src/libcharon/encoding/payloads/payload.c 
@@ -59,41 +59,23 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, N #ifdef ME ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION, "ID_PEER"); -<<<<<<< HEAD -ENUM_NEXT(payload_type_names, HEADER, UNKNOWN_PAYLOAD, ID_PEER, -======= ENUM_NEXT(payload_type_names, HEADER, CONFIGURATION_ATTRIBUTE, ID_PEER, ->>>>>>> upstream/4.5.1 "HEADER", "PROPOSAL_SUBSTRUCTURE", "TRANSFORM_SUBSTRUCTURE", "TRANSFORM_ATTRIBUTE", "TRAFFIC_SELECTOR_SUBSTRUCTURE", -<<<<<<< HEAD - "CONFIGURATION_ATTRIBUTE", - "UNKNOWN_PAYLOAD"); -#else -ENUM_NEXT(payload_type_names, HEADER, UNKNOWN_PAYLOAD, EXTENSIBLE_AUTHENTICATION, -======= "CONFIGURATION_ATTRIBUTE"); #else ENUM_NEXT(payload_type_names, HEADER, CONFIGURATION_ATTRIBUTE, EXTENSIBLE_AUTHENTICATION, ->>>>>>> upstream/4.5.1 "HEADER", "PROPOSAL_SUBSTRUCTURE", "TRANSFORM_SUBSTRUCTURE", "TRANSFORM_ATTRIBUTE", "TRAFFIC_SELECTOR_SUBSTRUCTURE", -<<<<<<< HEAD - "CONFIGURATION_ATTRIBUTE", - "UNKNOWN_PAYLOAD"); -#endif /* ME */ -ENUM_END(payload_type_names, UNKNOWN_PAYLOAD); -======= "CONFIGURATION_ATTRIBUTE"); #endif /* ME */ ENUM_END(payload_type_names, CONFIGURATION_ATTRIBUTE); ->>>>>>> upstream/4.5.1 /* short forms of payload names */ ENUM_BEGIN(payload_type_short_names, NO_PAYLOAD, NO_PAYLOAD, 
@@ -118,41 +100,23 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICAT #ifdef ME ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION, "IDp"); -<<<<<<< HEAD -ENUM_NEXT(payload_type_short_names, HEADER, UNKNOWN_PAYLOAD, ID_PEER, -======= ENUM_NEXT(payload_type_short_names, HEADER, CONFIGURATION_ATTRIBUTE, ID_PEER, ->>>>>>> upstream/4.5.1 "HDR", "PROP", "TRANS", "TRANSATTR", "TSSUB", -<<<<<<< HEAD - "CPATTR", - "??"); -#else -ENUM_NEXT(payload_type_short_names, HEADER, UNKNOWN_PAYLOAD, EXTENSIBLE_AUTHENTICATION, -======= "CPATTR"); #else ENUM_NEXT(payload_type_short_names, HEADER, CONFIGURATION_ATTRIBUTE, EXTENSIBLE_AUTHENTICATION, ->>>>>>> upstream/4.5.1 "HDR", "PROP", "TRANS", "TRANSATTR", "TSSUB", -<<<<<<< HEAD - "CPATTR", - "??"); -#endif /* ME */ -ENUM_END(payload_type_short_names, UNKNOWN_PAYLOAD); -======= "CPATTR"); #endif /* ME */ ENUM_END(payload_type_short_names, CONFIGURATION_ATTRIBUTE); ->>>>>>> upstream/4.5.1 /* * see header @@ -210,12 +174,6 @@ payload_t *payload_create(payload_type_t type) case ENCRYPTED: return (payload_t*)encryption_payload_create(); default: -<<<<<<< HEAD - return (payload_t*)unknown_payload_create(); - } -} - -======= return (payload_t*)unknown_payload_create(type); } } @@ -258,4 +216,3 @@ void* payload_get_field(payload_t *payload, encoding_type_t type, u_int skip) } return NULL; } ->>>>>>> upstream/4.5.1 diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h index 68fbb01c0..0f407ff42 100644 --- a/src/libcharon/encoding/payloads/payload.h +++ b/src/libcharon/encoding/payloads/payload.h @@ -137,11 +137,7 @@ enum payload_type_t{ * This payload type is not sent over wire and just * used internally to handle IKEv2-Header like a payload. */ -<<<<<<< HEAD - HEADER = 140, -======= HEADER = 256, ->>>>>>> upstream/4.5.1 /** * PROPOSAL_SUBSTRUCTURE has a value of PRIVATE USE space. 
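Review bot: The doc comments in payload.h contradict the new values: the hunks for PROPOSAL_SUBSTRUCTURE through CONFIGURATION_ATTRIBUTE (257–261) still say each type "has a value of PRIVATE USE space", and HEADER moves to 256 in the same way, yet none of these values fits the one-byte next-payload field any more. I would reword each to something like `* HEADER is an internal type above the 8-bit wire range and is never sent.` Moving the internal types out of the wire range presumably keeps a peer from naming them in a received message, which is worth stating in the comment. One thing to audit: private structs that keep `u_int8_t next_payload` (proposal_substructure.c shows one) would truncate 256 to 0 if a `payload_type_t` from this range were ever assigned through set_next_type. The enum body continues outside these hunks.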
@@ -149,11 +145,7 @@ enum payload_type_t{ * This payload type is not sent over wire and just * used internally to handle a proposal substructure like a payload. */ -<<<<<<< HEAD - PROPOSAL_SUBSTRUCTURE = 141, -======= PROPOSAL_SUBSTRUCTURE = 257, ->>>>>>> upstream/4.5.1 /** * TRANSFORM_SUBSTRUCTURE has a value of PRIVATE USE space. @@ -161,11 +153,7 @@ enum payload_type_t{ * This payload type is not sent over wire and just * used internally to handle a transform substructure like a payload. */ -<<<<<<< HEAD - TRANSFORM_SUBSTRUCTURE = 142, -======= TRANSFORM_SUBSTRUCTURE = 258, ->>>>>>> upstream/4.5.1 /** * TRANSFORM_ATTRIBUTE has a value of PRIVATE USE space. @@ -173,11 +161,7 @@ enum payload_type_t{ * This payload type is not sent over wire and just * used internally to handle a transform attribute like a payload. */ -<<<<<<< HEAD - TRANSFORM_ATTRIBUTE = 143, -======= TRANSFORM_ATTRIBUTE = 259, ->>>>>>> upstream/4.5.1 /** * TRAFFIC_SELECTOR_SUBSTRUCTURE has a value of PRIVATE USE space. @@ -185,11 +169,7 @@ enum payload_type_t{ * This payload type is not sent over wire and just * used internally to handle a transform selector like a payload. */ -<<<<<<< HEAD - TRAFFIC_SELECTOR_SUBSTRUCTURE = 144, -======= TRAFFIC_SELECTOR_SUBSTRUCTURE = 260, ->>>>>>> upstream/4.5.1 /** * CONFIGURATION_ATTRIBUTE has a value of PRIVATE USE space. @@ -197,24 +177,9 @@ enum payload_type_t{ * This payload type is not sent over wire and just * used internally to handle a transform attribute like a payload. */ -<<<<<<< HEAD - CONFIGURATION_ATTRIBUTE = 145, - - /** - * A unknown payload has a value of PRIVATE USE space. - * - * This payload type is not sent over wire and just - * used internally to handle a unknown payload. - */ - UNKNOWN_PAYLOAD = 146, -}; - - -======= CONFIGURATION_ATTRIBUTE = 261, }; ->>>>>>> upstream/4.5.1 /** * enum names for payload_type_t. */ 
@@ -295,8 +260,6 @@ struct payload_t { */ payload_t *payload_create(payload_type_t type); -<<<<<<< HEAD -======= /** * Check if a specific payload is implemented, or handled as unknown payload. * @@ -315,5 +278,4 @@ bool payload_is_known(payload_type_t type); */ void* payload_get_field(payload_t *payload, encoding_type_t type, u_int skip); ->>>>>>> upstream/4.5.1 #endif /** PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c index 9272d1b63..f39c3b0e6 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.c +++ b/src/libcharon/encoding/payloads/proposal_substructure.c @@ -47,14 +47,11 @@ struct private_proposal_substructure_t { u_int8_t next_payload; /** -<<<<<<< HEAD -======= * reserved byte */ u_int8_t reserved; /** ->>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t proposal_length; @@ -99,13 +96,8 @@ struct private_proposal_substructure_t { encoding_rule_t proposal_substructure_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_proposal_substructure_t, next_payload) }, -<<<<<<< HEAD - /* Reserved Byte is skipped */ - { RESERVED_BYTE, 0 }, -======= /* 1 Reserved Byte */ { RESERVED_BYTE, offsetof(private_proposal_substructure_t, reserved) }, ->>>>>>> upstream/4.5.1 /* Length of the whole proposal substructure payload*/ { PAYLOAD_LENGTH, offsetof(private_proposal_substructure_t, proposal_length) }, /* proposal number is a number of 8 bit */ 
@@ -226,24 +218,6 @@ METHOD(payload_t, set_next_type, void, */ static void compute_length(private_proposal_substructure_t *this) { -<<<<<<< HEAD - iterator_t *iterator; - payload_t *current_transform; - size_t transforms_count = 0; - size_t length = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH; - - iterator = this->transforms->create_iterator(this->transforms,TRUE); - while (iterator->iterate(iterator, (void**)¤t_transform)) - { - length += current_transform->get_length(current_transform); - transforms_count++; - } - iterator->destroy(iterator); - - length += this->spi.len; - this->transforms_count = transforms_count; - this->proposal_length = length; -======= enumerator_t *enumerator; payload_t *transform; @@ -256,16 +230,11 @@ static void compute_length(private_proposal_substructure_t *this) this->transforms_count++; } enumerator->destroy(enumerator); ->>>>>>> upstream/4.5.1 } METHOD(payload_t, get_length, size_t, private_proposal_substructure_t *this) { -<<<<<<< HEAD - compute_length(this); -======= ->>>>>>> upstream/4.5.1 return this->proposal_length; } 
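Review bot: get_length() in the second hunk (@@ -256,16 +230,11) now returns the cached `this->proposal_length` without calling compute_length(), so the value is only right if every mutator refreshes it; sa_payload.c get_length (@@ -203,10 +190,6) is changed the same way. For a parsed payload the field is presumably whatever the PAYLOAD_LENGTH rule wrote from the received message, so verify() should cross-check it against the SPI and transform lengths before any caller sizes a buffer from it; verify() is not visible here. I would document the invariant on the field, e.g. `/* cached; refreshed by compute_length() after every change to transforms or spi */`. compute_length() increments `this->transforms_count` in the loop, and the reset before the loop falls between the two hunks, so please confirm it starts from zero on each call.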
@@ -373,39 +342,10 @@ METHOD(proposal_substructure_t, get_proposal, proposal_t*, return proposal; } -<<<<<<< HEAD -METHOD(proposal_substructure_t, clone_, proposal_substructure_t*, - private_proposal_substructure_t *this) -{ - private_proposal_substructure_t *clone; - enumerator_t *enumerator; - transform_substructure_t *current; - - clone = (private_proposal_substructure_t*)proposal_substructure_create(); - clone->next_payload = this->next_payload; - clone->proposal_number = this->proposal_number; - clone->protocol_id = this->protocol_id; - clone->spi_size = this->spi_size; - if (this->spi.ptr != NULL) - { - clone->spi.ptr = clalloc(this->spi.ptr, this->spi.len); - clone->spi.len = this->spi.len; - } - enumerator = this->transforms->create_enumerator(this->transforms); - while (enumerator->enumerate(enumerator, ¤t)) - { - current = current->clone(current); - add_transform_substructure(clone, current); - } - enumerator->destroy(enumerator); - - return &clone->public; -======= METHOD(proposal_substructure_t, create_substructure_enumerator, enumerator_t*, private_proposal_substructure_t *this) { return this->transforms->create_enumerator(this->transforms); ->>>>>>> upstream/4.5.1 } METHOD2(payload_t, proposal_substructure_t, destroy, void, @@ -441,14 +381,6 @@ proposal_substructure_t *proposal_substructure_create() .get_protocol_id = _get_protocol_id, .set_is_last_proposal = _set_is_last_proposal, .get_proposal = _get_proposal, -<<<<<<< HEAD - .set_spi = _set_spi, - .get_spi = _get_spi, - .clone = _clone_, - .destroy = _destroy, - }, - .next_payload = NO_PAYLOAD, -======= .create_substructure_enumerator = _create_substructure_enumerator, .set_spi = _set_spi, .get_spi = _get_spi, @@ -456,7 +388,6 @@ proposal_substructure_t *proposal_substructure_create() }, .next_payload = NO_PAYLOAD, .proposal_length = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH, ->>>>>>> upstream/4.5.1 .transforms = linked_list_create(), ); 
@@ -548,10 +479,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal( } this->proposal_number = proposal->get_number(proposal); this->protocol_id = proposal->get_protocol(proposal); -<<<<<<< HEAD -======= compute_length(this); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/encoding/payloads/proposal_substructure.h b/src/libcharon/encoding/payloads/proposal_substructure.h index a7ad97e1c..d0ba1fd2a 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.h +++ b/src/libcharon/encoding/payloads/proposal_substructure.h @@ -111,19 +111,11 @@ struct proposal_substructure_t { proposal_t * (*get_proposal) (proposal_substructure_t *this); /** -<<<<<<< HEAD - * Clones an proposal_substructure_t object. - * - * @return cloned object - */ - proposal_substructure_t* (*clone) (proposal_substructure_t *this); -======= * Create an enumerator over transform substructures. * * @return enumerator over transform_substructure_t */ enumerator_t* (*create_substructure_enumerator)(proposal_substructure_t *this); ->>>>>>> upstream/4.5.1 /** * Destroys an proposal_substructure_t object. diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c index faa19b614..db20d052f 100644 --- a/src/libcharon/encoding/payloads/sa_payload.c +++ b/src/libcharon/encoding/payloads/sa_payload.c @@ -46,14 +46,11 @@ struct private_sa_payload_t { bool critical; /** -<<<<<<< HEAD -======= * Reserved bits */ bool reserved[7]; /** ->>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; 
@@ -76,15 +73,6 @@ encoding_rule_t sa_payload_encodings[] = { /* the critical bit */ { FLAG, offsetof(private_sa_payload_t, critical) }, /* 7 Bit reserved bits, nowhere stored */ -<<<<<<< HEAD - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, -======= { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[0]) }, { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[1]) }, { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[2]) }, @@ -92,7 +80,6 @@ encoding_rule_t sa_payload_encodings[] = { { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[4]) }, { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[5]) }, { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[6]) }, ->>>>>>> upstream/4.5.1 /* Length of the whole SA payload*/ { PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) }, /* Proposals are stored in a proposal substructure, @@ -203,10 +190,6 @@ static void compute_length(private_sa_payload_t *this) METHOD(payload_t, get_length, size_t, private_sa_payload_t *this) { -<<<<<<< HEAD - compute_length(this); -======= ->>>>>>> upstream/4.5.1 return this->payload_length; } @@ -279,15 +262,12 @@ METHOD(sa_payload_t, get_proposals, linked_list_t*, return list; } -<<<<<<< HEAD -======= METHOD(sa_payload_t, create_substructure_enumerator, enumerator_t*, private_sa_payload_t *this) { return this->proposals->create_enumerator(this->proposals); } ->>>>>>> upstream/4.5.1 METHOD2(payload_t, sa_payload_t, destroy, void, private_sa_payload_t *this) { @@ -316,10 +296,7 @@ sa_payload_t *sa_payload_create() }, .add_proposal = _add_proposal, .get_proposals = _get_proposals, -<<<<<<< HEAD -======= .create_substructure_enumerator = _create_substructure_enumerator, ->>>>>>> upstream/4.5.1 .destroy = _destroy, }, .next_payload = NO_PAYLOAD, 
diff --git a/src/libcharon/encoding/payloads/sa_payload.h b/src/libcharon/encoding/payloads/sa_payload.h index fb0227016..cc8c481c8 100644 --- a/src/libcharon/encoding/payloads/sa_payload.h +++ b/src/libcharon/encoding/payloads/sa_payload.h @@ -61,8 +61,6 @@ struct sa_payload_t { void (*add_proposal) (sa_payload_t *this, proposal_t *proposal); /** -<<<<<<< HEAD -======= * Create an enumerator over all proposal substructures. * * @return enumerator over proposal_substructure_t @@ -70,7 +68,6 @@ struct sa_payload_t { enumerator_t* (*create_substructure_enumerator)(sa_payload_t *this); /** ->>>>>>> upstream/4.5.1 * Destroys an sa_payload_t object. */ void (*destroy) (sa_payload_t *this); diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c index f631714a2..df36e4383 100644 --- a/src/libcharon/encoding/payloads/traffic_selector_substructure.c +++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c @@ -1,10 +1,6 @@ /* -<<<<<<< HEAD - * Copyright (C) 2005-2006 Martin Willi -======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG ->>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -24,23 +20,13 @@ #include <encoding/payloads/encodings.h> #include <utils/linked_list.h> -<<<<<<< HEAD - -======= ->>>>>>> upstream/4.5.1 typedef struct private_traffic_selector_substructure_t private_traffic_selector_substructure_t; /** * Private data of an traffic_selector_substructure_t object. -<<<<<<< HEAD - * - */ -struct private_traffic_selector_substructure_t { -======= */ struct private_traffic_selector_substructure_t { ->>>>>>> upstream/4.5.1 /** * Public traffic_selector_substructure_t interface. */ 
@@ -87,26 +73,6 @@ struct private_traffic_selector_substructure_t { * * The defined offsets are the positions in a object of type * private_traffic_selector_substructure_t. -<<<<<<< HEAD - * - */ -encoding_rule_t traffic_selector_substructure_encodings[] = { - /* 1 Byte next ts type*/ - { TS_TYPE, offsetof(private_traffic_selector_substructure_t, ts_type) }, - /* 1 Byte IP protocol id*/ - { U_INT_8, offsetof(private_traffic_selector_substructure_t, ip_protocol_id) }, - /* Length of the whole payload*/ - { PAYLOAD_LENGTH, offsetof(private_traffic_selector_substructure_t, payload_length) }, - /* 2 Byte start port*/ - { U_INT_16, offsetof(private_traffic_selector_substructure_t, start_port) }, - /* 2 Byte end port*/ - { U_INT_16, offsetof(private_traffic_selector_substructure_t, end_port) }, - /* starting address is either 4 or 16 byte */ - { ADDRESS, offsetof(private_traffic_selector_substructure_t, starting_address) }, - /* ending address is either 4 or 16 byte */ - { ADDRESS, offsetof(private_traffic_selector_substructure_t, ending_address) } - -======= */ encoding_rule_t traffic_selector_substructure_encodings[] = { /* 1 Byte next ts type*/ @@ -123,7 +89,6 @@ encoding_rule_t traffic_selector_substructure_encodings[] = { { ADDRESS, offsetof(private_traffic_selector_substructure_t, starting_address) }, /* ending address is either 4 or 16 byte */ { ADDRESS, offsetof(private_traffic_selector_substructure_t, ending_address) } ->>>>>>> upstream/4.5.1 }; /* @@ -144,15 +109,8 @@ encoding_rule_t traffic_selector_substructure_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -<<<<<<< HEAD -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_traffic_selector_substructure_t *this) -======= METHOD(payload_t, verify, status_t, private_traffic_selector_substructure_t *this) ->>>>>>> upstream/4.5.1 { if (this->start_port > this->end_port) { 
@@ -190,21 +148,6 @@ METHOD(payload_t, verify, status_t, return SUCCESS; } -<<<<<<< HEAD -/** - * Implementation of traffic_selector_substructure_t.get_encoding_rules. - */ -static void get_encoding_rules(private_traffic_selector_substructure_t *this, encoding_rule_t **rules, size_t *rule_count) -{ - *rules = traffic_selector_substructure_encodings; - *rule_count = sizeof(traffic_selector_substructure_encodings) / sizeof(encoding_rule_t); -} - -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_payload_type(private_traffic_selector_substructure_t *this) -======= METHOD(payload_t, get_encoding_rules, void, private_traffic_selector_substructure_t *this, encoding_rule_t **rules, size_t *rule_count) @@ -215,33 +158,10 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_traffic_selector_substructure_t *this) ->>>>>>> upstream/4.5.1 { return TRAFFIC_SELECTOR_SUBSTRUCTURE; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(private_traffic_selector_substructure_t *this) -{ - return 0; -} - -/** - * Implementation of payload_t.set_next_type. - */ -static void set_next_type(private_traffic_selector_substructure_t *this,payload_type_t type) -{ - -} - -/** - * Implementation of payload_t.get_length. - */ -static size_t get_length(private_traffic_selector_substructure_t *this) -======= METHOD(payload_t, get_next_type, payload_type_t, private_traffic_selector_substructure_t *this) { 
@@ -255,38 +175,10 @@ METHOD(payload_t, set_next_type, void, METHOD(payload_t, get_length, size_t, private_traffic_selector_substructure_t *this) ->>>>>>> upstream/4.5.1 { return this->payload_length; } -<<<<<<< HEAD -/** - * Implementation of traffic_selector_substructure_t.get_traffic_selector. - */ -static traffic_selector_t *get_traffic_selector(private_traffic_selector_substructure_t *this) -{ - traffic_selector_t *ts; - ts = traffic_selector_create_from_bytes(this->ip_protocol_id, this->ts_type, - this->starting_address, this->start_port, - this->ending_address, this->end_port); - return ts; -} - -/** - * recompute length field of the payload - */ -void compute_length(private_traffic_selector_substructure_t *this) -{ - this->payload_length = TRAFFIC_SELECTOR_HEADER_LENGTH + - this->ending_address.len + this->starting_address.len; -} - -/** - * Implementation of payload_t.destroy and traffic_selector_substructure_t.destroy. - */ -static void destroy(private_traffic_selector_substructure_t *this) -======= METHOD(traffic_selector_substructure_t, get_traffic_selector, traffic_selector_t*, private_traffic_selector_substructure_t *this) { @@ -298,7 +190,6 @@ METHOD(traffic_selector_substructure_t, get_traffic_selector, traffic_selector_t METHOD2(payload_t, traffic_selector_substructure_t, destroy, void, private_traffic_selector_substructure_t *this) ->>>>>>> upstream/4.5.1 { free(this->starting_address.ptr); free(this->ending_address.ptr); 
@@ -310,34 +201,6 @@ METHOD2(payload_t, traffic_selector_substructure_t, destroy, void, */ traffic_selector_substructure_t *traffic_selector_substructure_create() { -<<<<<<< HEAD - private_traffic_selector_substructure_t *this = malloc_thing(private_traffic_selector_substructure_t); - - /* interface functions */ - this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; - this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; - this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; - this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; - this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; - this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - /* public functions */ - this->public.get_traffic_selector = (traffic_selector_t* (*)(traffic_selector_substructure_t*))get_traffic_selector; - this->public.destroy = (void (*) (traffic_selector_substructure_t *)) destroy; - - /* private variables */ - this->payload_length = TRAFFIC_SELECTOR_HEADER_LENGTH; - this->start_port = 0; - this->end_port = 0; - this->starting_address = chunk_empty; - this->ending_address = chunk_empty; - this->ip_protocol_id = 0; - /* must be set to be valid */ - this->ts_type = TS_IPV4_ADDR_RANGE; - - return (&(this->public)); -======= private_traffic_selector_substructure_t *this; INIT(this, 
@@ -359,27 +222,11 @@ traffic_selector_substructure_t *traffic_selector_substructure_create() .ts_type = TS_IPV4_ADDR_RANGE, ); return &this->public; ->>>>>>> upstream/4.5.1 } /* * Described in header */ -<<<<<<< HEAD -traffic_selector_substructure_t *traffic_selector_substructure_create_from_traffic_selector(traffic_selector_t *traffic_selector) -{ - private_traffic_selector_substructure_t *this = (private_traffic_selector_substructure_t*)traffic_selector_substructure_create(); - this->ts_type = traffic_selector->get_type(traffic_selector); - this->ip_protocol_id = traffic_selector->get_protocol(traffic_selector); - this->start_port = traffic_selector->get_from_port(traffic_selector); - this->end_port = traffic_selector->get_to_port(traffic_selector); - this->starting_address = chunk_clone(traffic_selector->get_from_address(traffic_selector)); - this->ending_address = chunk_clone(traffic_selector->get_to_address(traffic_selector)); - - compute_length(this); - - return &(this->public); -======= traffic_selector_substructure_t *traffic_selector_substructure_create_from_traffic_selector( traffic_selector_t *ts) { @@ -396,5 +243,4 @@ traffic_selector_substructure_t *traffic_selector_substructure_create_from_traff this->ending_address.len + this->starting_address.len; return &this->public; ->>>>>>> upstream/4.5.1 } diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index 7332b939b..7d21258b1 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c @@ -1,10 +1,6 @@ /* -<<<<<<< HEAD - * Copyright (C) 2005-2006 Martin Willi -======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG ->>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * 
@@ -31,15 +27,9 @@ typedef struct private_transform_attribute_t private_transform_attribute_t; /** * Private data of an transform_attribute_t object. -<<<<<<< HEAD - * - */ -struct private_transform_attribute_t { -======= */ struct private_transform_attribute_t { ->>>>>>> upstream/4.5.1 /** * Public transform_attribute_t interface. */ @@ -81,10 +71,6 @@ ENUM_END(transform_attribute_type_name, KEY_LENGTH); * * The defined offsets are the positions in a object of type * private_transform_attribute_t. -<<<<<<< HEAD - * -======= ->>>>>>> upstream/4.5.1 */ encoding_rule_t transform_attribute_encodings[] = { /* Flag defining the format of this payload */ @@ -92,11 +78,7 @@ encoding_rule_t transform_attribute_encodings[] = { /* type of the attribute as 15 bit unsigned integer */ { ATTRIBUTE_TYPE, offsetof(private_transform_attribute_t, attribute_type) }, /* Length or value, depending on the attribute format flag */ -<<<<<<< HEAD - { ATTRIBUTE_LENGTH_OR_VALUE, offsetof(private_transform_attribute_t, attribute_length_or_value) }, -======= { ATTRIBUTE_LENGTH_OR_VALUE,offsetof(private_transform_attribute_t, attribute_length_or_value) }, ->>>>>>> upstream/4.5.1 /* Value of attribute if attribute format flag is zero */ { ATTRIBUTE_VALUE, offsetof(private_transform_attribute_t, attribute_value) } }; 
@@ -113,34 +95,6 @@ encoding_rule_t transform_attribute_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -<<<<<<< HEAD -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_transform_attribute_t *this) -{ - if (this->attribute_type != KEY_LENGTH) - { - return FAILED; - } - - return SUCCESS; -} - -/** - * Implementation of payload_t.get_encoding_rules. - */ -static void get_encoding_rules(private_transform_attribute_t *this, encoding_rule_t **rules, size_t *rule_count) -{ - *rules = transform_attribute_encodings; - *rule_count = sizeof(transform_attribute_encodings) / sizeof(encoding_rule_t); -} - -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_type(private_transform_attribute_t *this) -======= METHOD(payload_t, verify, status_t, private_transform_attribute_t *this) { 
@@ -157,61 +111,10 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_transform_attribute_t *this) ->>>>>>> upstream/4.5.1 { return TRANSFORM_ATTRIBUTE; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(private_transform_attribute_t *this) -{ - return (NO_PAYLOAD); -} - -/** - * Implementation of payload_t.set_next_type. - */ -static void set_next_type(private_transform_attribute_t *this,payload_type_t type) -{ -} - -/** - * Implementation of transform_attribute_t.get_length. - */ -static size_t get_length(private_transform_attribute_t *this) -{ - if (this->attribute_format == TRUE) - { - /*Attribute size is only 4 byte */ - return 4; - } - return (this->attribute_length_or_value + 4); -} - -/** - * Implementation of transform_attribute_t.set_value_chunk. - */ -static void set_value_chunk(private_transform_attribute_t *this, chunk_t value) -{ - if (this->attribute_value.ptr != NULL) - { - /* free existing value */ - free(this->attribute_value.ptr); - this->attribute_value.ptr = NULL; - this->attribute_value.len = 0; - - } - - if (value.len > 2) - { - this->attribute_value.ptr = clalloc(value.ptr,value.len); - this->attribute_value.len = value.len; - this->attribute_length_or_value = value.len; - /* attribute has not a fixed length */ -======= METHOD(payload_t, get_next_type, payload_type_t, private_transform_attribute_t *this) { 
@@ -242,58 +145,10 @@ METHOD(transform_attribute_t, set_value_chunk, void, { this->attribute_value = chunk_clone(value); this->attribute_length_or_value = value.len; ->>>>>>> upstream/4.5.1 this->attribute_format = FALSE; } else { -<<<<<<< HEAD - memcpy(&(this->attribute_length_or_value),value.ptr,value.len); - } -} - -/** - * Implementation of transform_attribute_t.set_value. - */ -static void set_value(private_transform_attribute_t *this, u_int16_t value) -{ - if (this->attribute_value.ptr != NULL) - { - /* free existing value */ - free(this->attribute_value.ptr); - this->attribute_value.ptr = NULL; - this->attribute_value.len = 0; - - } - this->attribute_length_or_value = value; -} - -/** - * Implementation of transform_attribute_t.get_value_chunk. - */ -static chunk_t get_value_chunk (private_transform_attribute_t *this) -{ - chunk_t value; - - if (this->attribute_format == FALSE) - { - value.ptr = this->attribute_value.ptr; - value.len = this->attribute_value.len; - } - else - { - value.ptr = (void *) &(this->attribute_length_or_value); - value.len = 2; - } - - return value; -} - -/** - * Implementation of transform_attribute_t.get_value. - */ -static u_int16_t get_value (private_transform_attribute_t *this) -======= memcpy(&this->attribute_length_or_value, value.ptr, value.len); } } 
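Review bot: In `set_value_chunk`, `this->attribute_length_or_value = value.len;` stores a chunk length into a field that `get_value` returns as `u_int16_t`, so a chunk longer than 65535 bytes would presumably be truncated and the encoded length would no longer agree with `attribute_value.len`. The field's declaration is outside this hunk, so confirm its width, but a guard ahead of the clone such as `if (value.len > 0xFFFF) { return; }` would keep the two in step. As far as the hunk shows, the `else` branch copies the short value with `memcpy` without setting `attribute_format` back to `TRUE`, so an object that earlier held a long value may keep the long-format flag. The start of the method, including the length test and the release of the previous value, lies outside the hunk.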
@@ -318,55 +173,28 @@ METHOD(transform_attribute_t, get_value_chunk, chunk_t, METHOD(transform_attribute_t, get_value, u_int16_t, private_transform_attribute_t *this) ->>>>>>> upstream/4.5.1 { return this->attribute_length_or_value; } -<<<<<<< HEAD - -/** - * Implementation of transform_attribute_t.set_attribute_type. - */ -static void set_attribute_type (private_transform_attribute_t *this, u_int16_t type) -======= METHOD(transform_attribute_t, set_attribute_type, void, private_transform_attribute_t *this, u_int16_t type) ->>>>>>> upstream/4.5.1 { this->attribute_type = type & 0x7FFF; } -<<<<<<< HEAD -/** - * Implementation of transform_attribute_t.get_attribute_type. - */ -static u_int16_t get_attribute_type (private_transform_attribute_t *this) -======= METHOD(transform_attribute_t, get_attribute_type, u_int16_t, private_transform_attribute_t *this) ->>>>>>> upstream/4.5.1 { return this->attribute_type; } -<<<<<<< HEAD -/** - * Implementation of transform_attribute_t.clone. - */ -static transform_attribute_t * _clone(private_transform_attribute_t *this) -{ - private_transform_attribute_t *new_clone; - - new_clone = (private_transform_attribute_t *) transform_attribute_create(); -======= METHOD(transform_attribute_t, clone_, transform_attribute_t*, private_transform_attribute_t *this) { private_transform_attribute_t *new_clone; new_clone = (private_transform_attribute_t *)transform_attribute_create(); ->>>>>>> upstream/4.5.1 new_clone->attribute_format = this->attribute_format; new_clone->attribute_type = this->attribute_type; 
@@ -374,24 +202,6 @@ METHOD(transform_attribute_t, clone_, transform_attribute_t*, if (!new_clone->attribute_format) { -<<<<<<< HEAD - new_clone->attribute_value.ptr = clalloc(this->attribute_value.ptr,this->attribute_value.len); - new_clone->attribute_value.len = this->attribute_value.len; - } - - return (transform_attribute_t *) new_clone; -} - -/** - * Implementation of transform_attribute_t.destroy and payload_t.destroy. - */ -static void destroy(private_transform_attribute_t *this) -{ - if (this->attribute_value.ptr != NULL) - { - free(this->attribute_value.ptr); - } -======= new_clone->attribute_value = chunk_clone(this->attribute_value); } return &new_clone->public; @@ -401,7 +211,6 @@ METHOD2(payload_t, transform_attribute_t, destroy, void, private_transform_attribute_t *this) { free(this->attribute_value.ptr); ->>>>>>> upstream/4.5.1 free(this); } 
@@ -410,37 +219,6 @@ METHOD2(payload_t, transform_attribute_t, destroy, void, */ transform_attribute_t *transform_attribute_create() { -<<<<<<< HEAD - private_transform_attribute_t *this = malloc_thing(private_transform_attribute_t); - - /* payload interface */ - this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; - this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; - this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; - this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; - this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; - this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - /* public functions */ - this->public.set_value_chunk = (void (*) (transform_attribute_t *,chunk_t)) set_value_chunk; - this->public.set_value = (void (*) (transform_attribute_t *,u_int16_t)) set_value; - this->public.get_value_chunk = (chunk_t (*) (transform_attribute_t *)) get_value_chunk; - this->public.get_value = (u_int16_t (*) (transform_attribute_t *)) get_value; - this->public.set_attribute_type = (void (*) (transform_attribute_t *,u_int16_t type)) set_attribute_type; - this->public.get_attribute_type = (u_int16_t (*) (transform_attribute_t *)) get_attribute_type; - this->public.clone = (transform_attribute_t * (*) (transform_attribute_t *)) _clone; - this->public.destroy = (void (*) (transform_attribute_t *)) destroy; - - /* set default values of the fields */ - this->attribute_format = TRUE; - this->attribute_type = 0; - this->attribute_length_or_value = 0; - this->attribute_value.ptr = NULL; - this->attribute_value.len = 0; - - return (&(this->public)); -======= private_transform_attribute_t *this; INIT(this, 
@@ -466,7 +244,6 @@ transform_attribute_t *transform_attribute_create() .attribute_format = TRUE, ); return &this->public; ->>>>>>> upstream/4.5.1 } /* @@ -475,12 +252,7 @@ transform_attribute_t *transform_attribute_create() transform_attribute_t *transform_attribute_create_key_length(u_int16_t key_length) { transform_attribute_t *attribute = transform_attribute_create(); -<<<<<<< HEAD - attribute->set_attribute_type(attribute,KEY_LENGTH); - attribute->set_value(attribute,key_length); -======= attribute->set_attribute_type(attribute, KEY_LENGTH); attribute->set_value(attribute, key_length); ->>>>>>> upstream/4.5.1 return attribute; } diff --git a/src/libcharon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c index fa711a7b5..0428da726 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.c +++ b/src/libcharon/encoding/payloads/transform_substructure.c @@ -1,10 +1,6 @@ /* -<<<<<<< HEAD - * Copyright (C) 2005-2006 Martin Willi -======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG ->>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -29,23 +25,13 @@ #include <utils/linked_list.h> #include <daemon.h> -<<<<<<< HEAD - -======= ->>>>>>> upstream/4.5.1 typedef struct private_transform_substructure_t private_transform_substructure_t; /** * Private data of an transform_substructure_t object. -<<<<<<< HEAD - * - */ -struct private_transform_substructure_t { -======= */ struct private_transform_substructure_t { ->>>>>>> upstream/4.5.1 /** * Public transform_substructure_t interface. */ @@ -55,24 +41,16 @@ struct private_transform_substructure_t { * Next payload type. */ u_int8_t next_payload; -<<<<<<< HEAD - -======= /** * Reserved bytes */ u_int8_t reserved[2]; ->>>>>>> upstream/4.5.1 /** * Length of this payload. */ u_int16_t transform_length; -<<<<<<< HEAD - -======= ->>>>>>> upstream/4.5.1 /** * Type of the transform. */ 
@@ -89,35 +67,11 @@ struct private_transform_substructure_t { linked_list_t *attributes; }; -<<<<<<< HEAD - -======= ->>>>>>> upstream/4.5.1 /** * Encoding rules to parse or generate a Transform substructure. * * The defined offsets are the positions in a object of type * private_transform_substructure_t. -<<<<<<< HEAD - * - */ -encoding_rule_t transform_substructure_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ - { U_INT_8, offsetof(private_transform_substructure_t, next_payload) }, - /* Reserved Byte is skipped */ - { RESERVED_BYTE, 0 }, - /* Length of the whole transform substructure*/ - { PAYLOAD_LENGTH, offsetof(private_transform_substructure_t, transform_length) }, - /* transform type is a number of 8 bit */ - { U_INT_8, offsetof(private_transform_substructure_t, transform_type) }, - /* Reserved Byte is skipped */ - { RESERVED_BYTE, 0 }, - /* tranform ID is a number of 8 bit */ - { U_INT_16, offsetof(private_transform_substructure_t, transform_id) }, - /* Attributes are stored in a transform attribute, - offset points to a linked_list_t pointer */ - { TRANSFORM_ATTRIBUTES, offsetof(private_transform_substructure_t, attributes) } -======= */ encoding_rule_t transform_substructure_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -135,7 +89,6 @@ encoding_rule_t transform_substructure_encodings[] = { /* Attributes are stored in a transform attribute, offset points to a linked_list_t pointer */ { TRANSFORM_ATTRIBUTES, offsetof(private_transform_substructure_t, attributes) } ->>>>>>> upstream/4.5.1 }; /* 
@@ -152,21 +105,6 @@ encoding_rule_t transform_substructure_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -<<<<<<< HEAD - -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_transform_substructure_t *this) -{ - status_t status = SUCCESS; - iterator_t *iterator; - payload_t *current_attributes; - - if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 3)) - { - /* must be 0 or 3 */ -======= METHOD(payload_t, verify, status_t, private_transform_substructure_t *this) { @@ -176,7 +114,6 @@ METHOD(payload_t, verify, status_t, if (this->next_payload != NO_PAYLOAD && this->next_payload != 3) { ->>>>>>> upstream/4.5.1 DBG1(DBG_ENC, "inconsistent next payload"); return FAILED; } @@ -197,19 +134,6 @@ METHOD(payload_t, verify, status_t, return FAILED; } } -<<<<<<< HEAD - iterator = this->attributes->create_iterator(this->attributes,TRUE); - - while(iterator->iterate(iterator, (void**)¤t_attributes)) - { - status = current_attributes->verify(current_attributes); - if (status != SUCCESS) - { - DBG1(DBG_ENC, "TRANSFORM_ATTRIBUTE verification failed"); - } - } - iterator->destroy(iterator); -======= enumerator = this->attributes->create_enumerator(this->attributes); while (enumerator->enumerate(enumerator, &attribute)) 
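Review bot: The check `this->next_payload != 3` in `verify` (second hunk on this line) uses a bare literal, while the code removed from this file used `TRANSFORM_TYPE_VALUE` for the same field in `set_is_last_transform`. If that macro is indeed 3, `if (this->next_payload != NO_PAYLOAD && this->next_payload != TRANSFORM_TYPE_VALUE)` states the intent and stays correct if the constant is ever changed. The resolution also drops the old `/* must be 0 or 3 */` comment, so nothing next to the check records why this value is accepted in a received payload. `verify` begins before and continues after these hunks.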
@@ -222,27 +146,11 @@ METHOD(payload_t, verify, status_t, } } enumerator->destroy(enumerator); ->>>>>>> upstream/4.5.1 /* proposal number is checked in SA payload */ return status; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_encoding_rules. - */ -static void get_encoding_rules(private_transform_substructure_t *this, encoding_rule_t **rules, size_t *rule_count) -{ - *rules = transform_substructure_encodings; - *rule_count = sizeof(transform_substructure_encodings) / sizeof(encoding_rule_t); -} - -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_type(private_transform_substructure_t *this) -======= METHOD(payload_t, get_encoding_rules, void, private_transform_substructure_t *this, encoding_rule_t **rules, size_t *rule_count) @@ -253,24 +161,14 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_transform_substructure_t *this) ->>>>>>> upstream/4.5.1 { return TRANSFORM_SUBSTRUCTURE; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(private_transform_substructure_t *this) -{ - return (this->next_payload); -======= METHOD(payload_t, get_next_type, payload_type_t, private_transform_substructure_t *this) { return this->next_payload; ->>>>>>> upstream/4.5.1 } /** 
@@ -278,83 +176,6 @@ METHOD(payload_t, get_next_type, payload_type_t, */ static void compute_length (private_transform_substructure_t *this) { -<<<<<<< HEAD - iterator_t *iterator; - payload_t *current_attribute; - size_t length = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH; - - iterator = this->attributes->create_iterator(this->attributes,TRUE); - while (iterator->iterate(iterator, (void**)¤t_attribute)) - { - length += current_attribute->get_length(current_attribute); - } - iterator->destroy(iterator); - - this->transform_length = length; -} - -/** - * Implementation of payload_t.get_length. - */ -static size_t get_length(private_transform_substructure_t *this) -{ - compute_length(this); - return this->transform_length; -} - -/** - * Implementation of transform_substructure_t.create_transform_attribute_iterator. - */ -static iterator_t *create_transform_attribute_iterator (private_transform_substructure_t *this,bool forward) -{ - return this->attributes->create_iterator(this->attributes,forward); -} - -/** - * Implementation of transform_substructure_t.add_transform_attribute. - */ -static void add_transform_attribute (private_transform_substructure_t *this,transform_attribute_t *attribute) -{ - this->attributes->insert_last(this->attributes,(void *) attribute); - compute_length(this); -} - -/** - * Implementation of transform_substructure_t.set_is_last_transform. - */ -static void set_is_last_transform (private_transform_substructure_t *this, bool is_last) -{ - this->next_payload = (is_last) ? 0: TRANSFORM_TYPE_VALUE; -} - -/** - * Implementation of transform_substructure_t.get_is_last_transform. - */ -static bool get_is_last_transform (private_transform_substructure_t *this) -{ - return ((this->next_payload == TRANSFORM_TYPE_VALUE) ? FALSE : TRUE); -} - -/** - * Implementation of payload_t.set_next_type. 
- */ -static void set_next_type(private_transform_substructure_t *this,payload_type_t type) -{ -} - -/** - * Implementation of transform_substructure_t.set_transform_type. - */ -static void set_transform_type (private_transform_substructure_t *this,u_int8_t type) -{ - this->transform_type = type; -} - -/** - * Implementation of transform_substructure_t.get_transform_type. - */ -static u_int8_t get_transform_type (private_transform_substructure_t *this) -======= enumerator_t *enumerator; payload_t *attribute; 
@@ -386,87 +207,16 @@ METHOD(payload_t, set_next_type, void, METHOD(transform_substructure_t, get_transform_type, u_int8_t, private_transform_substructure_t *this) ->>>>>>> upstream/4.5.1 { return this->transform_type; } -<<<<<<< HEAD -/** - * Implementation of transform_substructure_t.set_transform_id. - */ -static void set_transform_id (private_transform_substructure_t *this,u_int16_t id) -{ - this->transform_id = id; -} - -/** - * Implementation of transform_substructure_t.get_transform_id. - */ -static u_int16_t get_transform_id (private_transform_substructure_t *this) -======= METHOD(transform_substructure_t, get_transform_id, u_int16_t, private_transform_substructure_t *this) ->>>>>>> upstream/4.5.1 { return this->transform_id; } -<<<<<<< HEAD -/** - * Implementation of transform_substructure_t.clone. - */ -static transform_substructure_t *clone_(private_transform_substructure_t *this) -{ - private_transform_substructure_t *clone; - iterator_t *attributes; - transform_attribute_t *current_attribute; - - clone = (private_transform_substructure_t *) transform_substructure_create(); - clone->next_payload = this->next_payload; - clone->transform_type = this->transform_type; - clone->transform_id = this->transform_id; - - attributes = this->attributes->create_iterator(this->attributes, FALSE); - while (attributes->iterate(attributes, (void**)¤t_attribute)) - { - current_attribute = current_attribute->clone(current_attribute); - clone->public.add_transform_attribute(&clone->public, current_attribute); - } - attributes->destroy(attributes); - - return &clone->public; -} - - -/** - * Implementation of transform_substructure_t.get_key_length. 
- */ -static status_t get_key_length(private_transform_substructure_t *this, u_int16_t *key_length) -{ - iterator_t *attributes; - transform_attribute_t *current_attribute; - - attributes = this->attributes->create_iterator(this->attributes, TRUE); - while (attributes->iterate(attributes, (void**)¤t_attribute)) - { - if (current_attribute->get_attribute_type(current_attribute) == KEY_LENGTH) - { - *key_length = current_attribute->get_value(current_attribute); - attributes->destroy(attributes); - return SUCCESS; - } - } - attributes->destroy(attributes); - return FAILED; -} - - -/** - * Implementation of transform_substructure_t.destroy and payload_t.destroy. - */ -static void destroy(private_transform_substructure_t *this) -======= METHOD(transform_substructure_t, get_key_length, status_t, private_transform_substructure_t *this, u_int16_t *key_length) { @@ -489,7 +239,6 @@ METHOD(transform_substructure_t, get_key_length, status_t, METHOD2(payload_t, transform_substructure_t, destroy, void, private_transform_substructure_t *this) ->>>>>>> upstream/4.5.1 { this->attributes->destroy_offset(this->attributes, offsetof(transform_attribute_t, destroy)); 
@@ -501,40 +250,6 @@ METHOD2(payload_t, transform_substructure_t, destroy, void, */ transform_substructure_t *transform_substructure_create() { -<<<<<<< HEAD - private_transform_substructure_t *this = malloc_thing(private_transform_substructure_t); - - /* payload interface */ - this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; - this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; - this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; - this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; - this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; - this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - /* public functions */ - this->public.create_transform_attribute_iterator = (iterator_t * (*) (transform_substructure_t *,bool)) create_transform_attribute_iterator; - this->public.add_transform_attribute = (void (*) (transform_substructure_t *,transform_attribute_t *)) add_transform_attribute; - this->public.set_is_last_transform = (void (*) (transform_substructure_t *,bool)) set_is_last_transform; - this->public.get_is_last_transform = (bool (*) (transform_substructure_t *)) get_is_last_transform; - this->public.set_transform_type = (void (*) (transform_substructure_t *,u_int8_t)) set_transform_type; - this->public.get_transform_type = (u_int8_t (*) (transform_substructure_t *)) get_transform_type; - this->public.set_transform_id = (void (*) (transform_substructure_t *,u_int16_t)) set_transform_id; - this->public.get_transform_id = (u_int16_t (*) (transform_substructure_t *)) get_transform_id; - this->public.get_key_length = (status_t (*) (transform_substructure_t *,u_int16_t *)) get_key_length; - this->public.clone = 
(transform_substructure_t* (*) (transform_substructure_t *)) clone_; - this->public.destroy = (void (*) (transform_substructure_t *)) destroy; - - /* set default values of the fields */ - this->next_payload = NO_PAYLOAD; - this->transform_length = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH; - this->transform_id = 0; - this->transform_type = 0; - this->attributes = linked_list_create(); - - return (&(this->public)); -======= private_transform_substructure_t *this; INIT(this, @@ -559,32 +274,12 @@ transform_substructure_t *transform_substructure_create() .attributes = linked_list_create(), ); return &this->public; ->>>>>>> upstream/4.5.1 } /* * Described in header */ transform_substructure_t *transform_substructure_create_type( -<<<<<<< HEAD - transform_type_t transform_type, - u_int16_t transform_id, u_int16_t key_length) -{ - transform_substructure_t *transform = transform_substructure_create(); - - transform->set_transform_type(transform,transform_type); - transform->set_transform_id(transform,transform_id); - - if (key_length) - { - transform_attribute_t *attribute; - - attribute = transform_attribute_create_key_length(key_length); - transform->add_transform_attribute(transform, attribute); - - } - return transform; -======= transform_type_t type, u_int16_t id, u_int16_t key_length) { private_transform_substructure_t *this; @@ -600,6 +295,5 @@ transform_substructure_t *transform_substructure_create_type( compute_length(this); } return &this->public; ->>>>>>> upstream/4.5.1 } diff --git a/src/libcharon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h index 2a60b65ba..c961700a4 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.h +++ b/src/libcharon/encoding/payloads/transform_substructure.h 
@@ -34,10 +34,6 @@ typedef struct transform_substructure_t transform_substructure_t; #include <crypto/crypters/crypter.h> #include <config/proposal.h> -<<<<<<< HEAD - -======= ->>>>>>> upstream/4.5.1 /** * IKEv1 Value for a transform payload. */ @@ -48,42 +44,19 @@ typedef struct transform_substructure_t transform_substructure_t; */ #define TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH 8 -<<<<<<< HEAD - -======= ->>>>>>> upstream/4.5.1 /** * Class representing an IKEv2- TRANSFORM SUBSTRUCTURE. * * The TRANSFORM SUBSTRUCTURE format is described in RFC section 3.3.2. */ struct transform_substructure_t { -<<<<<<< HEAD -======= ->>>>>>> upstream/4.5.1 /** * The payload_t interface. */ payload_t payload_interface; /** -<<<<<<< HEAD - * Creates an iterator of stored transform_attribute_t objects. - * - * When deleting an transform attribute using this iterator, - * the length of this transform substructure has to be refreshed - * by calling get_length(). - * - * @param forward iterator direction (TRUE: front to end) - * @return created iterator_t object. - */ - iterator_t * (*create_transform_attribute_iterator) ( - transform_substructure_t *this, bool forward); - - /** -======= ->>>>>>> upstream/4.5.1 * Adds a transform_attribute_t object to this object. * * @param proposal transform_attribute_t object to add @@ -102,23 +75,6 @@ struct transform_substructure_t { void (*set_is_last_transform) (transform_substructure_t *this, bool is_last); /** -<<<<<<< HEAD - * Checks if this is the last transform. - * - * @return TRUE if this is the last Transform, FALSE otherwise - */ - bool (*get_is_last_transform) (transform_substructure_t *this); - - /** - * Sets transform type of the current transform substructure. - * - * @param type type value to set - */ - void (*set_transform_type) (transform_substructure_t *this, u_int8_t type); - - /** -======= ->>>>>>> upstream/4.5.1 * get transform type of the current transform. * * @return Transform type of current transform substructure. 
@@ -126,29 +82,14 @@ struct transform_substructure_t { u_int8_t (*get_transform_type) (transform_substructure_t *this); /** -<<<<<<< HEAD - * Sets transform id of the current transform substructure. - * - * @param id transform id to set - */ - void (*set_transform_id) (transform_substructure_t *this, u_int16_t id); - - /** - * get transform id of the current transform. -======= * Get transform id of the current transform. ->>>>>>> upstream/4.5.1 * * @return Transform id of current transform substructure. */ u_int16_t (*get_transform_id) (transform_substructure_t *this); /** -<<<<<<< HEAD - * get transform id of the current transform. -======= * Get transform id of the current transform. ->>>>>>> upstream/4.5.1 * * @param key_length The key length is written to this location * @return @@ -160,16 +101,6 @@ struct transform_substructure_t { u_int16_t *key_length); /** -<<<<<<< HEAD - * Clones an transform_substructure_t object. - * - * @return cloned transform_substructure_t object - */ - transform_substructure_t* (*clone) (transform_substructure_t *this); - - /** -======= ->>>>>>> upstream/4.5.1 * Destroys an transform_substructure_t object. */ void (*destroy) (transform_substructure_t *this); 
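Review bot: The doc comment above the member that takes `u_int16_t *key_length` still reads `Get transform id of the current transform.`, which is a copy of the get_transform_id comment directly before it. The text should describe what this member returns, for example `Get the key length attribute of the current transform, if it has one.`. The `@return` lines and the member name fall outside this hunk, so the wording should be matched against them.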
@@ -178,31 +109,13 @@ struct transform_substructure_t { /** * Creates an empty transform_substructure_t object. * -<<<<<<< HEAD - * @return created transform_substructure_t object -======= * @return created transform_substructure_t object ->>>>>>> upstream/4.5.1 */ transform_substructure_t *transform_substructure_create(void); /** * Creates an empty transform_substructure_t object. * -<<<<<<< HEAD - * The key length is used for the transport types ENCRYPTION_ALGORITHM, - * PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM. For all - * other transport types the key_length parameter is not used - * - * @param transform_type type of transform to create - * @param transform_id transform id specifying the specific algorithm of a transform type - * @param key_length Key length for key lenght attribute - * @return transform_substructure_t object - */ -transform_substructure_t *transform_substructure_create_type( - transform_type_t transform_type, u_int16_t transform_id, - u_int16_t key_length); -======= * @param type type of transform to create * @param id transform id specifc for the transform type * @param key_length key length for key lenght attribute, 0 to omit @@ -210,6 +123,5 @@ transform_substructure_t *transform_substructure_create_type( */ transform_substructure_t *transform_substructure_create_type( transform_type_t type, u_int16_t id, u_int16_t key_length); ->>>>>>> upstream/4.5.1 #endif /** TRANSFORM_SUBSTRUCTURE_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/ts_payload.c b/src/libcharon/encoding/payloads/ts_payload.c index db01b433f..28f760e40 100644 --- a/src/libcharon/encoding/payloads/ts_payload.c +++ b/src/libcharon/encoding/payloads/ts_payload.c @@ -1,10 +1,6 @@ /* -<<<<<<< HEAD - * Copyright (C) 2005-2006 Martin Willi -======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG ->>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * 
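Review bot: The comment kept for `transform_substructure_create_type` opens with `Creates an empty transform_substructure_t object.`, but the function takes a type, an id and a key length, so the summary is the one from `transform_substructure_create` above it. A summary such as `Creates a transform_substructure_t object of the given type and id.` would fit the parameters. The same comment has two typos worth fixing while here: `specifc` and `key lenght attribute`.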
@@ -30,15 +26,9 @@ typedef struct private_ts_payload_t private_ts_payload_t; /** * Private data of an ts_payload_t object. -<<<<<<< HEAD - * - */ -struct private_ts_payload_t { -======= */ struct private_ts_payload_t { ->>>>>>> upstream/4.5.1 /** * Public ts_payload_t interface. */ @@ -60,8 +50,6 @@ struct private_ts_payload_t { bool critical; /** -<<<<<<< HEAD -======= * reserved bits */ bool reserved_bit[7]; @@ -72,7 +60,6 @@ struct private_ts_payload_t { bool reserved_byte[3]; /** ->>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; @@ -80,20 +67,12 @@ struct private_ts_payload_t { /** * Number of traffic selectors */ -<<<<<<< HEAD - u_int8_t number_of_traffic_selectors; -======= u_int8_t ts_num; ->>>>>>> upstream/4.5.1 /** * Contains the traffic selectors of type traffic_selector_substructure_t. */ -<<<<<<< HEAD - linked_list_t *traffic_selectors; -======= linked_list_t *substrs; ->>>>>>> upstream/4.5.1 }; /** 
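Review bot: `bool reserved_byte[3];` in private_ts_payload_t is used as the target of the three RESERVED_BYTE encoding rules, yet a reserved byte taken from the wire can hold any 8-bit value and a `bool` element is not a safe container for that. If `bool` maps to `_Bool` an arbitrary byte stored there is not a valid value, and if it maps to a wider type the element is larger than the byte being kept. Declaring the field as `u_int8_t reserved_byte[3];` states the intent and keeps the offsets one byte apart. How the parser and generator write through these offsets is not visible in this diff, so this should be confirmed against them.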
@@ -101,33 +80,6 @@ struct private_ts_payload_t { * * The defined offsets are the positions in a object of type * private_ts_payload_t. -<<<<<<< HEAD - * - */ -encoding_rule_t ts_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ - { U_INT_8, offsetof(private_ts_payload_t, next_payload) }, - /* the critical bit */ - { FLAG, offsetof(private_ts_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - /* Length of the whole payload*/ - { PAYLOAD_LENGTH, offsetof(private_ts_payload_t, payload_length)}, - /* 1 Byte TS type*/ - { U_INT_8, offsetof(private_ts_payload_t, number_of_traffic_selectors) }, - /* 3 reserved bytes */ - { RESERVED_BYTE, 0 }, - { RESERVED_BYTE, 0 }, - { RESERVED_BYTE, 0 }, - /* some ts data bytes, length is defined in PAYLOAD_LENGTH */ - { TRAFFIC_SELECTORS, offsetof(private_ts_payload_t, traffic_selectors) } -======= */ encoding_rule_t ts_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -152,7 +104,6 @@ encoding_rule_t ts_payload_encodings[] = { { RESERVED_BYTE, offsetof(private_ts_payload_t, reserved_byte[2])}, /* some ts data bytes, length is defined in PAYLOAD_LENGTH */ { TRAFFIC_SELECTORS,offsetof(private_ts_payload_t, substrs) } ->>>>>>> upstream/4.5.1 }; /* 
@@ -169,27 +120,6 @@ encoding_rule_t ts_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -<<<<<<< HEAD -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_ts_payload_t *this) -{ - iterator_t *iterator; - payload_t *current_traffic_selector; - status_t status = SUCCESS; - - if (this->number_of_traffic_selectors != (this->traffic_selectors->get_count(this->traffic_selectors))) - { - /* must be the same */ - return FAILED; - } - - iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE); - while(iterator->iterate(iterator, (void**)¤t_traffic_selector)) - { - status = current_traffic_selector->verify(current_traffic_selector); -======= METHOD(payload_t, verify, status_t, private_ts_payload_t *this) { @@ -205,36 +135,16 @@ METHOD(payload_t, verify, status_t, while (enumerator->enumerate(enumerator, &substr)) { status = substr->verify(substr); ->>>>>>> upstream/4.5.1 if (status != SUCCESS) { break; } } -<<<<<<< HEAD - iterator->destroy(iterator); -======= enumerator->destroy(enumerator); ->>>>>>> upstream/4.5.1 return status; } -<<<<<<< HEAD -/** - * Implementation of ts_payload_t.get_encoding_rules. - */ -static void get_encoding_rules(private_ts_payload_t *this, encoding_rule_t **rules, size_t *rule_count) -{ - *rules = ts_payload_encodings; - *rule_count = sizeof(ts_payload_encodings) / sizeof(encoding_rule_t); -} - -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_payload_type(private_ts_payload_t *this) -======= METHOD(payload_t, get_encoding_rules, void, private_ts_payload_t *this, encoding_rule_t **rules, size_t *rule_count) { 
@@ -244,32 +154,11 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_ts_payload_t *this) ->>>>>>> upstream/4.5.1 { if (this->is_initiator) { return TRAFFIC_SELECTOR_INITIATOR; } -<<<<<<< HEAD - else - { - return TRAFFIC_SELECTOR_RESPONDER; - } -} - -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(private_ts_payload_t *this) -{ - return (this->next_payload); -} - -/** - * Implementation of payload_t.set_next_type. - */ -static void set_next_type(private_ts_payload_t *this,payload_type_t type) -======= return TRAFFIC_SELECTOR_RESPONDER; } @@ -281,7 +170,6 @@ METHOD(payload_t, get_next_type, payload_type_t, METHOD(payload_t, set_next_type, void, private_ts_payload_t *this,payload_type_t type) ->>>>>>> upstream/4.5.1 { this->next_payload = type; } 
@@ -289,48 +177,6 @@ METHOD(payload_t, set_next_type, void, /** * recompute the length of the payload. */ -<<<<<<< HEAD -static void compute_length (private_ts_payload_t *this) -{ - iterator_t *iterator; - size_t ts_count = 0; - size_t length = TS_PAYLOAD_HEADER_LENGTH; - payload_t *current_traffic_selector; - - iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE); - while (iterator->iterate(iterator, (void**)¤t_traffic_selector)) - { - length += current_traffic_selector->get_length(current_traffic_selector); - ts_count++; - } - iterator->destroy(iterator); - - this->number_of_traffic_selectors= ts_count; - this->payload_length = length; -} - -/** - * Implementation of payload_t.get_length. - */ -static size_t get_length(private_ts_payload_t *this) -{ - compute_length(this); - return this->payload_length; -} - -/** - * Implementation of ts_payload_t.get_initiator. - */ -static bool get_initiator (private_ts_payload_t *this) -{ - return (this->is_initiator); -} - -/** - * Implementation of ts_payload_t.set_initiator. - */ -static void set_initiator (private_ts_payload_t *this,bool is_initiator) -======= static void compute_length(private_ts_payload_t *this) { enumerator_t *enumerator; 
@@ -361,58 +207,10 @@ METHOD(ts_payload_t, get_initiator, bool, METHOD(ts_payload_t, set_initiator, void, private_ts_payload_t *this,bool is_initiator) ->>>>>>> upstream/4.5.1 { this->is_initiator = is_initiator; } -<<<<<<< HEAD -/** - * Implementation of ts_payload_t.add_traffic_selector_substructure. - */ -static void add_traffic_selector_substructure (private_ts_payload_t *this,traffic_selector_substructure_t *traffic_selector) -{ - this->traffic_selectors->insert_last(this->traffic_selectors,traffic_selector); - this->number_of_traffic_selectors = this->traffic_selectors->get_count(this->traffic_selectors); -} - -/** - * Implementation of ts_payload_t.create_traffic_selector_substructure_iterator. - */ -static iterator_t * create_traffic_selector_substructure_iterator (private_ts_payload_t *this, bool forward) -{ - return this->traffic_selectors->create_iterator(this->traffic_selectors,forward); -} - -/** - * Implementation of ts_payload_t.get_traffic_selectors. - */ -static linked_list_t *get_traffic_selectors(private_ts_payload_t *this) -{ - traffic_selector_t *ts; - iterator_t *iterator; - traffic_selector_substructure_t *ts_substructure; - linked_list_t *ts_list = linked_list_create(); - - iterator = this->traffic_selectors->create_iterator(this->traffic_selectors, TRUE); - while (iterator->iterate(iterator, (void**)&ts_substructure)) - { - ts = ts_substructure->get_traffic_selector(ts_substructure); - ts_list->insert_last(ts_list, (void*)ts); - } - iterator->destroy(iterator); - - return ts_list; -} - -/** - * Implementation of payload_t.destroy and ts_payload_t.destroy. - */ -static void destroy(private_ts_payload_t *this) -{ - this->traffic_selectors->destroy_offset(this->traffic_selectors, - offsetof(payload_t, destroy)); -======= METHOD(ts_payload_t, get_traffic_selectors, linked_list_t*, private_ts_payload_t *this) { 
@@ -437,7 +235,6 @@ METHOD2(payload_t, ts_payload_t, destroy, void, private_ts_payload_t *this) { this->substrs->destroy_offset(this->substrs, offsetof(payload_t, destroy)); ->>>>>>> upstream/4.5.1 free(this); } 
@@ -446,36 +243,6 @@ METHOD2(payload_t, ts_payload_t, destroy, void, */ ts_payload_t *ts_payload_create(bool is_initiator) { -<<<<<<< HEAD - private_ts_payload_t *this = malloc_thing(private_ts_payload_t); - - /* interface functions */ - this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; - this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; - this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; - this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; - this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; - this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - /* public functions */ - this->public.destroy = (void (*) (ts_payload_t *)) destroy; - this->public.get_initiator = (bool (*) (ts_payload_t *)) get_initiator; - this->public.set_initiator = (void (*) (ts_payload_t *,bool)) set_initiator; - this->public.add_traffic_selector_substructure = (void (*) (ts_payload_t *,traffic_selector_substructure_t *)) add_traffic_selector_substructure; - this->public.create_traffic_selector_substructure_iterator = (iterator_t* (*) (ts_payload_t *,bool)) create_traffic_selector_substructure_iterator; - this->public.get_traffic_selectors = (linked_list_t *(*) (ts_payload_t *)) get_traffic_selectors; - - /* private variables */ - this->critical = FALSE; - this->next_payload = NO_PAYLOAD; - this->payload_length =TS_PAYLOAD_HEADER_LENGTH; - this->is_initiator = is_initiator; - this->number_of_traffic_selectors = 0; - this->traffic_selectors = linked_list_create(); - - return &(this->public); -======= private_ts_payload_t *this; INIT(this, 
@@ -500,43 +267,21 @@ ts_payload_t *ts_payload_create(bool is_initiator) .substrs = linked_list_create(), ); return &this->public; ->>>>>>> upstream/4.5.1 } /* * Described in header */ -<<<<<<< HEAD -ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked_list_t *traffic_selectors) -{ - iterator_t *iterator; - traffic_selector_t *ts; - traffic_selector_substructure_t *ts_substructure; -======= ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked_list_t *traffic_selectors) { enumerator_t *enumerator; traffic_selector_t *ts; traffic_selector_substructure_t *subst; ->>>>>>> upstream/4.5.1 private_ts_payload_t *this; this = (private_ts_payload_t*)ts_payload_create(is_initiator); -<<<<<<< HEAD - iterator = traffic_selectors->create_iterator(traffic_selectors, TRUE); - while (iterator->iterate(iterator, (void**)&ts)) - { - ts_substructure = traffic_selector_substructure_create_from_traffic_selector(ts); - this->public.add_traffic_selector_substructure(&(this->public), ts_substructure); - } - iterator->destroy(iterator); - - return &(this->public); -} - -======= enumerator = traffic_selectors->create_enumerator(traffic_selectors); while (enumerator->enumerate(enumerator, &ts)) { @@ -548,4 +293,3 @@ ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, return &this->public; } ->>>>>>> upstream/4.5.1 diff --git a/src/libcharon/encoding/payloads/ts_payload.h b/src/libcharon/encoding/payloads/ts_payload.h index eb39a5c1d..88ca00bc9 100644 --- a/src/libcharon/encoding/payloads/ts_payload.h +++ b/src/libcharon/encoding/payloads/ts_payload.h @@ -19,10 +19,6 @@ * @{ @ingroup payloads */ -<<<<<<< HEAD - -======= ->>>>>>> upstream/4.5.1 #ifndef TS_PAYLOAD_H_ #define TS_PAYLOAD_H_ 
@@ -39,20 +35,13 @@ typedef struct ts_payload_t ts_payload_t; */ #define TS_PAYLOAD_HEADER_LENGTH 8 -<<<<<<< HEAD - -======= ->>>>>>> upstream/4.5.1 /** * Class representing an IKEv2 TS payload. * * The TS payload format is described in RFC section 3.13. */ struct ts_payload_t { -<<<<<<< HEAD -======= ->>>>>>> upstream/4.5.1 /** * The payload_t interface. */ @@ -77,30 +66,6 @@ struct ts_payload_t { void (*set_initiator) (ts_payload_t *this,bool is_initiator); /** -<<<<<<< HEAD - * Adds a traffic_selector_substructure_t object to this object. - * - * @param traffic_selector traffic_selector_substructure_t object to add - */ - void (*add_traffic_selector_substructure) (ts_payload_t *this, - traffic_selector_substructure_t *traffic_selector); - - /** - * Creates an iterator of stored traffic_selector_substructure_t objects. - * - * When removing an traffic_selector_substructure_t object - * using this iterator, the length of this payload - * has to get refreshed by calling payload_t.get_length! - * - * @param forward iterator direction (TRUE: front to end) - * @return created iterator_t object - */ - iterator_t *(*create_traffic_selector_substructure_iterator) ( - ts_payload_t *this, bool forward); - - /** -======= ->>>>>>> upstream/4.5.1 * Get a list of nested traffic selectors as traffic_selector_t. * * Resulting list and its traffic selectors must be destroyed after usage 
@@ -118,28 +83,15 @@ struct ts_payload_t { /** * Creates an empty ts_payload_t object. * -<<<<<<< HEAD - * @param is_initiator - * - TRUE if this payload is of type TSi - * - FALSE if this payload is of type TSr - * @return ts_payload_t object -======= * @param is_initiator TRUE for TSi, FALSE for TSr payload type * @return ts_payload_t object ->>>>>>> upstream/4.5.1 */ ts_payload_t *ts_payload_create(bool is_initiator); /** * Creates ts_payload with a list of traffic_selector_t * -<<<<<<< HEAD - * @param is_initiator - * - TRUE if this payload is of type TSi - * - FALSE if this payload is of type TSr -======= * @param is_initiator TRUE for TSi, FALSE for TSr payload type ->>>>>>> upstream/4.5.1 * @param traffic_selectors list of traffic selectors to include * @return ts_payload_t object */ diff --git a/src/libcharon/encoding/payloads/unknown_payload.c b/src/libcharon/encoding/payloads/unknown_payload.c index 2f428ed06..27af338b3 100644 --- a/src/libcharon/encoding/payloads/unknown_payload.c +++ b/src/libcharon/encoding/payloads/unknown_payload.c @@ -18,11 +18,6 @@ #include "unknown_payload.h" -<<<<<<< HEAD - - -======= ->>>>>>> upstream/4.5.1 typedef struct private_unknown_payload_t private_unknown_payload_t; /** @@ -36,14 +31,11 @@ struct private_unknown_payload_t { unknown_payload_t public; /** -<<<<<<< HEAD -======= * Type of this payload */ payload_type_t type; /** ->>>>>>> upstream/4.5.1 * Next payload type. */ u_int8_t next_payload; @@ -54,14 +46,11 @@ struct private_unknown_payload_t { bool critical; /** -<<<<<<< HEAD -======= * Reserved bits */ bool reserved[7]; /** ->>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; 
@@ -81,23 +70,6 @@ struct private_unknown_payload_t { */ encoding_rule_t unknown_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ -<<<<<<< HEAD - { U_INT_8, offsetof(private_unknown_payload_t, next_payload)}, - /* the critical bit */ - { FLAG, offsetof(private_unknown_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - /* Length of the whole payload*/ - { PAYLOAD_LENGTH, offsetof(private_unknown_payload_t, payload_length)}, - /* some unknown data bytes, length is defined in PAYLOAD_LENGTH */ - { UNKNOWN_DATA, offsetof(private_unknown_payload_t, data) } -======= { U_INT_8, offsetof(private_unknown_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_unknown_payload_t, critical) }, @@ -113,7 +85,6 @@ encoding_rule_t unknown_payload_encodings[] = { { PAYLOAD_LENGTH, offsetof(private_unknown_payload_t, payload_length) }, /* some unknown data bytes, length is defined in PAYLOAD_LENGTH */ { UNKNOWN_DATA, offsetof(private_unknown_payload_t, data) }, ->>>>>>> upstream/4.5.1 }; /* @@ -128,21 +99,6 @@ encoding_rule_t unknown_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -<<<<<<< HEAD -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_unknown_payload_t *this) -{ - /* can't do any checks, so we assume its good */ - return SUCCESS; -} - -/** - * Implementation of payload_t.get_encoding_rules. - */ -static void get_encoding_rules(private_unknown_payload_t *this, encoding_rule_t **rules, size_t *rule_count) -======= METHOD(payload_t, verify, status_t, private_unknown_payload_t *this) { 
@@ -155,34 +111,11 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, void, private_unknown_payload_t *this, encoding_rule_t **rules, size_t *rule_count) ->>>>>>> upstream/4.5.1 { *rules = unknown_payload_encodings; *rule_count = sizeof(unknown_payload_encodings) / sizeof(encoding_rule_t); } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_payload_type(private_unknown_payload_t *this) -{ - return UNKNOWN_PAYLOAD; -} - -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(private_unknown_payload_t *this) -{ - return (this->next_payload); -} - -/** - * Implementation of payload_t.set_next_type. - */ -static void set_next_type(private_unknown_payload_t *this,payload_type_t type) -======= METHOD(payload_t, get_payload_type, payload_type_t, private_unknown_payload_t *this) { 
@@ -197,57 +130,22 @@ METHOD(payload_t, get_next_type, payload_type_t, METHOD(payload_t, set_next_type, void, private_unknown_payload_t *this,payload_type_t type) ->>>>>>> upstream/4.5.1 { this->next_payload = type; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_length. - */ -static size_t get_length(private_unknown_payload_t *this) -======= METHOD(payload_t, get_length, size_t, private_unknown_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->payload_length; } -<<<<<<< HEAD -/** - * Implementation of unknown_payload_t.get_data. - */ -static bool is_critical(private_unknown_payload_t *this) -======= METHOD(unknown_payload_t, is_critical, bool, private_unknown_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->critical; } -<<<<<<< HEAD -/** - * Implementation of unknown_payload_t.get_data. - */ -static chunk_t get_data (private_unknown_payload_t *this) -{ - return (this->data); -} - -/** - * Implementation of payload_t.destroy and unknown_payload_t.destroy. - */ -static void destroy(private_unknown_payload_t *this) -{ - if (this->data.ptr != NULL) - { - chunk_free(&(this->data)); - } - -======= METHOD(unknown_payload_t, get_data, chunk_t, private_unknown_payload_t *this) { 
@@ -258,40 +156,12 @@ METHOD2(payload_t, unknown_payload_t, destroy, void, private_unknown_payload_t *this) { free(this->data.ptr); ->>>>>>> upstream/4.5.1 free(this); } /* * Described in header */ -<<<<<<< HEAD -unknown_payload_t *unknown_payload_create() -{ - private_unknown_payload_t *this = malloc_thing(private_unknown_payload_t); - - /* interface functions */ - this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; - this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; - this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; - this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; - this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; - this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - /* public functions */ - this->public.destroy = (void (*) (unknown_payload_t *)) destroy; - this->public.is_critical = (bool (*) (unknown_payload_t *)) is_critical; - this->public.get_data = (chunk_t (*) (unknown_payload_t *)) get_data; - - /* private variables */ - this->critical = FALSE; - this->next_payload = NO_PAYLOAD; - this->payload_length = UNKNOWN_PAYLOAD_HEADER_LENGTH; - this->data = chunk_empty; - - return (&(this->public)); -======= unknown_payload_t *unknown_payload_create(payload_type_t type) { private_unknown_payload_t *this; @@ -334,5 +204,4 @@ unknown_payload_t *unknown_payload_create_data(payload_type_t type, this->payload_length = UNKNOWN_PAYLOAD_HEADER_LENGTH + data.len; return &this->public; ->>>>>>> upstream/4.5.1 } diff --git a/src/libcharon/encoding/payloads/unknown_payload.h b/src/libcharon/encoding/payloads/unknown_payload.h index b874f6dc3..5ae85331b 100644 --- a/src/libcharon/encoding/payloads/unknown_payload.h 
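Review bot: `this->payload_length = UNKNOWN_PAYLOAD_HEADER_LENGTH + data.len;` in unknown_payload_create_data assigns into the `u_int16_t payload_length` field, so a chunk whose length plus the header exceeds 65535 would wrap silently and the encoded length would no longer describe the data. vendor_id_payload_create_data in vendor_id_payload.c has the same pattern in `.payload_length = VENDOR_ID_PAYLOAD_HEADER_LENGTH + data.len,`. Whether callers already bound `data.len` is not visible here, and most of each function body lies outside the hunks shown. If they do not, a check at the top of each constructor that rejects or truncates oversized chunks, with the limit documented in the header comment, would keep the length field and the data consistent.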
+++ b/src/libcharon/encoding/payloads/unknown_payload.h @@ -70,13 +70,6 @@ struct unknown_payload_t { }; /** -<<<<<<< HEAD - * Creates an empty unknown_payload_t object. - * - * @return unknown_payload_t object - */ -unknown_payload_t *unknown_payload_create(void); -======= * Creates an empty unknown_payload_t. * * @param type of the payload @@ -94,6 +87,5 @@ unknown_payload_t *unknown_payload_create(payload_type_t type); */ unknown_payload_t *unknown_payload_create_data(payload_type_t type, bool critical, chunk_t data); ->>>>>>> upstream/4.5.1 #endif /** UNKNOWN_PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/vendor_id_payload.c b/src/libcharon/encoding/payloads/vendor_id_payload.c index d2295e4a2..e9e80e989 100644 --- a/src/libcharon/encoding/payloads/vendor_id_payload.c +++ b/src/libcharon/encoding/payloads/vendor_id_payload.c @@ -1,10 +1,6 @@ /* -<<<<<<< HEAD - * Copyright (C) 2005-2009 Martin Willi -======= * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG ->>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -46,14 +42,11 @@ struct private_vendor_id_payload_t { bool critical; /** -<<<<<<< HEAD -======= * Reserved bits */ bool reserved[7]; /** ->>>>>>> upstream/4.5.1 * Length of this payload. */ u_int16_t payload_length; 
@@ -72,23 +65,6 @@ struct private_vendor_id_payload_t { */ encoding_rule_t vendor_id_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ -<<<<<<< HEAD - { U_INT_8, offsetof(private_vendor_id_payload_t, next_payload) }, - /* the critical bit */ - { FLAG, offsetof(private_vendor_id_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - /* Length of the whole payload*/ - { PAYLOAD_LENGTH, offsetof(private_vendor_id_payload_t, payload_length)}, - /* some vendor_id data bytes, length is defined in PAYLOAD_LENGTH */ - { VID_DATA, offsetof(private_vendor_id_payload_t, data) } -======= { U_INT_8, offsetof(private_vendor_id_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_vendor_id_payload_t, critical) }, @@ -104,7 +80,6 @@ encoding_rule_t vendor_id_payload_encodings[] = { { PAYLOAD_LENGTH, offsetof(private_vendor_id_payload_t, payload_length)}, /* some vendor_id data bytes, length is defined in PAYLOAD_LENGTH */ { VID_DATA, offsetof(private_vendor_id_payload_t, data) } ->>>>>>> upstream/4.5.1 }; /* 
@@ -119,35 +94,12 @@ encoding_rule_t vendor_id_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -<<<<<<< HEAD -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_vendor_id_payload_t *this) -======= METHOD(payload_t, verify, status_t, private_vendor_id_payload_t *this) ->>>>>>> upstream/4.5.1 { return SUCCESS; } -<<<<<<< HEAD -/** - * Implementation of vendor_id_payload_t.get_encoding_rules. - */ -static void get_encoding_rules(private_vendor_id_payload_t *this, - encoding_rule_t **rules, size_t *rule_count) -{ - *rules = vendor_id_payload_encodings; - *rule_count = sizeof(vendor_id_payload_encodings) / sizeof(encoding_rule_t); -} - -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_payload_type(private_vendor_id_payload_t *this) -======= METHOD(payload_t, get_encoding_rules, void, private_vendor_id_payload_t *this, encoding_rule_t **rules, size_t *rule_count) 
@@ -158,72 +110,36 @@ METHOD(payload_t, get_encoding_rules, void, METHOD(payload_t, get_type, payload_type_t, private_vendor_id_payload_t *this) ->>>>>>> upstream/4.5.1 { return VENDOR_ID; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(private_vendor_id_payload_t *this) -======= METHOD(payload_t, get_next_type, payload_type_t, private_vendor_id_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->next_payload; } -<<<<<<< HEAD -/** - * Implementation of payload_t.set_next_type. - */ -static void set_next_type(private_vendor_id_payload_t *this,payload_type_t type) -======= METHOD(payload_t, set_next_type, void, private_vendor_id_payload_t *this, payload_type_t type) ->>>>>>> upstream/4.5.1 { this->next_payload = type; } -<<<<<<< HEAD -/** - * Implementation of payload_t.get_length. - */ -static size_t get_length(private_vendor_id_payload_t *this) -======= METHOD(payload_t, get_length, size_t, private_vendor_id_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->payload_length; } -<<<<<<< HEAD -/** - * Implementation of vendor_id_payload_t.get_data. - */ -static chunk_t get_data(private_vendor_id_payload_t *this) -======= METHOD(vendor_id_payload_t, get_data, chunk_t, private_vendor_id_payload_t *this) ->>>>>>> upstream/4.5.1 { return this->data; } -<<<<<<< HEAD -/** - * Implementation of payload_t.destroy and vendor_id_payload_t.destroy. - */ -static void destroy(private_vendor_id_payload_t *this) -======= METHOD2(payload_t, vendor_id_payload_t, destroy, void, private_vendor_id_payload_t *this) ->>>>>>> upstream/4.5.1 { free(this->data.ptr); free(this); 
@@ -232,26 +148,6 @@ METHOD2(payload_t, vendor_id_payload_t, destroy, void, /* * Described in header */ -<<<<<<< HEAD -vendor_id_payload_t *vendor_id_payload_create() -{ - private_vendor_id_payload_t *this = malloc_thing(private_vendor_id_payload_t); - - this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; - this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; - this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; - this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; - this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; - this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - this->public.get_data = (chunk_t (*) (vendor_id_payload_t *)) get_data; - - this->critical = FALSE; - this->next_payload = NO_PAYLOAD; - this->payload_length = VENDOR_ID_PAYLOAD_HEADER_LENGTH; - this->data = chunk_empty; - -======= vendor_id_payload_t *vendor_id_payload_create_data(chunk_t data) { private_vendor_id_payload_t *this; @@ -274,28 +170,13 @@ vendor_id_payload_t *vendor_id_payload_create_data(chunk_t data) .payload_length = VENDOR_ID_PAYLOAD_HEADER_LENGTH + data.len, .data = data, ); ->>>>>>> upstream/4.5.1 return &this->public; } /* * Described in header */ -<<<<<<< HEAD -vendor_id_payload_t *vendor_id_payload_create_data(chunk_t data) -{ - private_vendor_id_payload_t *this; - - this = (private_vendor_id_payload_t*)vendor_id_payload_create(); - this->payload_length += data.len; - this->data = data; - - return &this->public; -} - -======= vendor_id_payload_t *vendor_id_payload_create() { return vendor_id_payload_create_data(chunk_empty); } ->>>>>>> upstream/4.5.1 
diff --git a/src/libcharon/encoding/payloads/vendor_id_payload.h b/src/libcharon/encoding/payloads/vendor_id_payload.h index 45cce985e..4e4e7d8eb 100644 --- a/src/libcharon/encoding/payloads/vendor_id_payload.h +++ b/src/libcharon/encoding/payloads/vendor_id_payload.h @@ -50,14 +50,11 @@ struct vendor_id_payload_t { * @return VID data, pointing to an internal chunk_t */ chunk_t (*get_data)(vendor_id_payload_t *this); -<<<<<<< HEAD -======= /** * Destroy Vendor ID payload. */ void (*destroy)(vendor_id_payload_t *this); ->>>>>>> upstream/4.5.1 }; /** diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in index 7f3cd1692..57aab1db7 100644 --- a/src/libcharon/plugins/addrblock/Makefile.in +++ b/src/libcharon/plugins/addrblock/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ 
diff --git a/src/libcharon/plugins/addrblock/addrblock_plugin.c b/src/libcharon/plugins/addrblock/addrblock_plugin.c index 5fdb36c5c..72c551f0f 100644 --- a/src/libcharon/plugins/addrblock/addrblock_plugin.c +++ b/src/libcharon/plugins/addrblock/addrblock_plugin.c @@ -43,6 +43,12 @@ struct private_addrblock_plugin_t { addrblock_narrow_t *narrower; }; +METHOD(plugin_t, get_name, char*, + private_addrblock_plugin_t *this) +{ + return "addrblock"; +} + METHOD(plugin_t, destroy, void, private_addrblock_plugin_t *this) { @@ -63,6 +69,8 @@ plugin_t *addrblock_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libcharon/plugins/addrblock/addrblock_validator.c b/src/libcharon/plugins/addrblock/addrblock_validator.c index b6836cb1f..1b07378f7 100644 --- a/src/libcharon/plugins/addrblock/addrblock_validator.c +++ b/src/libcharon/plugins/addrblock/addrblock_validator.c @@ -1,13 +1,6 @@ /* -<<<<<<< HEAD - * Copyright (C) 2010 Martin Willi - * Copyright (C) 2010 revosec AG - * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil -======= * Copyright (C) 2010 Martin Willi, revosec AG * Copyright (C) 2009 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil ->>>>>>> upstream/4.5.1 * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -95,12 +88,8 @@ static bool check_addrblock(x509_t *subject, x509_t *issuer) METHOD(cert_validator_t, validate, bool, private_addrblock_validator_t *this, certificate_t *subject, -<<<<<<< HEAD - certificate_t *issuer, bool online, int pathlen, auth_cfg_t *auth) -======= - certificate_t *issuer, bool online, int pathlen, bool anchor, + certificate_t *issuer, bool online, u_int pathlen, bool anchor, auth_cfg_t *auth) ->>>>>>> upstream/4.5.1 { if (subject->get_type(subject) == CERT_X509 && issuer->get_type(issuer) == CERT_X509) 
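Review bot: The added initializer `.reload = (void*)return_false,` in addrblock_plugin_create sends a function pointer through `void*`, which ISO C does not define and which removes any compiler check that `return_false` matches the signature of `reload`. Casting to the member's declared function-pointer type instead would keep the conversion between function types and make a later signature change visible. The same line is added in android_plugin_create in android_plugin.c. Separately, the new `get_name` returns a string literal through `char*`, so a short comment that callers must not modify or free the result would help; the plugin_t declaration itself is not part of this diff.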
@@ -125,7 +114,9 @@ addrblock_validator_t *addrblock_validator_create() INIT(this, .public = { - .validator.validate = _validate, + .validator = { + .validate = _validate, + }, .destroy = _destroy, }, ); diff --git a/src/libcharon/plugins/android/Makefile.in b/src/libcharon/plugins/android/Makefile.in index d9700f810..08248da12 100644 --- a/src/libcharon/plugins/android/Makefile.in +++ b/src/libcharon/plugins/android/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/android/android_creds.c b/src/libcharon/plugins/android/android_creds.c index 69941848c..601c91e7b 100644 --- a/src/libcharon/plugins/android/android_creds.c +++ b/src/libcharon/plugins/android/android_creds.c 
@@ -235,11 +235,7 @@ METHOD(android_creds_t, set_username_password, void, DESTROY_IF(this->user); this->user = id->clone(id); free(this->pass); -<<<<<<< HEAD - this->pass = password ? strdup(password) : NULL; -======= this->pass = strdupnull(password); ->>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } diff --git a/src/libcharon/plugins/android/android_plugin.c b/src/libcharon/plugins/android/android_plugin.c index 3d82d8f60..54a7017a1 100644 --- a/src/libcharon/plugins/android/android_plugin.c +++ b/src/libcharon/plugins/android/android_plugin.c @@ -54,11 +54,16 @@ struct private_android_plugin_t { * Service that interacts with the Android Settings frontend */ android_service_t *service; - }; +METHOD(plugin_t, get_name, char*, + private_android_plugin_t *this) +{ + return "android"; +} + METHOD(plugin_t, destroy, void, - private_android_plugin_t *this) + private_android_plugin_t *this) { hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler); @@ -81,6 +86,8 @@ plugin_t *android_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libcharon/plugins/android/android_service.c b/src/libcharon/plugins/android/android_service.c index c222d8a65..487567f2a 100644 --- a/src/libcharon/plugins/android/android_service.c +++ b/src/libcharon/plugins/android/android_service.c @@ -291,13 +291,8 @@ static job_requeue_t initiate(private_android_service_t *this) peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); child_cfg = child_cfg_create("android", &lifetime, NULL, TRUE, MODE_TUNNEL, -<<<<<<< HEAD - ACTION_NONE, ACTION_NONE, FALSE, 0, 0, - NULL, NULL); -======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); ->>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); 
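Review bot: In set_username_password, the context line `free(this->pass);` releases the previous password without clearing it, and the new `this->pass = strdupnull(password);` keeps that behaviour. Wiping first avoids leaving the old secret in freed heap memory, e.g. `if (this->pass) { memwipe(this->pass, strlen(this->pass)); }` ahead of the free, assuming libstrongswan's memwipe() helper is available in this tree. The same would apply wherever this->pass is released on destroy, which is not visible here. The method body starts outside the hunk.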
diff --git a/src/libcharon/plugins/coupling/Makefile.am b/src/libcharon/plugins/coupling/Makefile.am new file mode 100644 index 000000000..642ce820c --- /dev/null +++ b/src/libcharon/plugins/coupling/Makefile.am @@ -0,0 +1,16 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-coupling.la +else +plugin_LTLIBRARIES = libstrongswan-coupling.la +endif + +libstrongswan_coupling_la_SOURCES = coupling_plugin.h coupling_plugin.c \ + coupling_validator.h coupling_validator.c + +libstrongswan_coupling_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in new file mode 100644 index 000000000..a3104e4c0 --- /dev/null +++ b/src/libcharon/plugins/coupling/Makefile.in 
@@ -0,0 +1,608 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/coupling +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = 
srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_coupling_la_LIBADD = +am_libstrongswan_coupling_la_OBJECTS = coupling_plugin.lo \ + coupling_validator.lo +libstrongswan_coupling_la_OBJECTS = \ + $(am_libstrongswan_coupling_la_OBJECTS) +libstrongswan_coupling_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_coupling_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_coupling_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_coupling_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) 
$(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_coupling_la_SOURCES) +DIST_SOURCES = $(libstrongswan_coupling_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = 
@RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ +prefix = 
@prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-coupling.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-coupling.la +libstrongswan_coupling_la_SOURCES = coupling_plugin.h coupling_plugin.c \ + coupling_validator.h coupling_validator.c + +libstrongswan_coupling_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/coupling/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/coupling/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' 
in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + 
+clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-coupling.la: $(libstrongswan_coupling_la_OBJECTS) $(libstrongswan_coupling_la_DEPENDENCIES) + $(libstrongswan_coupling_la_LINK) $(am_libstrongswan_coupling_la_rpath) $(libstrongswan_coupling_la_OBJECTS) $(libstrongswan_coupling_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/coupling_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/coupling_validator.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< 
+ +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in 
$$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. 
+# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/coupling/coupling_plugin.c b/src/libcharon/plugins/coupling/coupling_plugin.c new file mode 100644 index 000000000..7ccc51db5 --- /dev/null +++ b/src/libcharon/plugins/coupling/coupling_plugin.c 
@@ -0,0 +1,81 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "coupling_plugin.h" + +#include "coupling_validator.h" + +#include <daemon.h> + +typedef struct private_coupling_plugin_t private_coupling_plugin_t; + +/** + * private data of coupling plugin + */ +struct private_coupling_plugin_t { + + /** + * implements plugin interface + */ + coupling_plugin_t public; + + /** + * validator controlling couplings + */ + coupling_validator_t *validator; +}; + +METHOD(plugin_t, get_name, char*, + private_coupling_plugin_t *this) +{ + return "coupling"; +} + +METHOD(plugin_t, destroy, void, + private_coupling_plugin_t *this) +{ + lib->credmgr->remove_validator(lib->credmgr, &this->validator->validator); + this->validator->destroy(this->validator); + free(this); +} + +/** + * Plugin constructor + */ +plugin_t *coupling_plugin_create() +{ + private_coupling_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + .validator = coupling_validator_create(), + ); + + if (!this->validator) + { + free(this); + return NULL; + } + + lib->credmgr->add_validator(lib->credmgr, &this->validator->validator); + + return &this->public.plugin; +} diff --git a/src/libcharon/plugins/coupling/coupling_plugin.h b/src/libcharon/plugins/coupling/coupling_plugin.h new file mode 100644 index 000000000..645100b45 
--- /dev/null +++ b/src/libcharon/plugins/coupling/coupling_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup coupling coupling + * @ingroup cplugins + * + * @defgroup coupling_plugin coupling_plugin + * @{ @ingroup coupling + */ + +#ifndef COUPLING_PLUGIN_H_ +#define COUPLING_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct coupling_plugin_t coupling_plugin_t; + +/** + * Plugin to couple peer certificates permanently to peer authentication. + */ +struct coupling_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** COUPLING_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/coupling/coupling_validator.c b/src/libcharon/plugins/coupling/coupling_validator.c new file mode 100644 index 000000000..06b6f7d86 --- /dev/null +++ b/src/libcharon/plugins/coupling/coupling_validator.c 
@@ -0,0 +1,258 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "coupling_validator.h" + +#include <errno.h> +#include <time.h> + +#include <daemon.h> +#include <threading/mutex.h> + +/* buffer size for hex-encoded hash */ +#define MAX_HASH_SIZE (HASH_SIZE_SHA512 * 2 + 1) + +typedef struct private_coupling_validator_t private_coupling_validator_t; + +/** + * Private data of an coupling_validator_t object. + */ +struct private_coupling_validator_t { + + /** + * Public coupling_validator_t interface. 
+ */ + coupling_validator_t public; + + /** + * Mutex + */ + mutex_t *mutex; + + /** + * File with device couplings + */ + FILE *f; + + /** + * Hasher to create hashes + */ + hasher_t *hasher; + + /** + * maximum number of couplings + */ + int max_couplings; +}; + +/** + * Get hash of a certificate + */ +static bool get_cert_hash(private_coupling_validator_t *this, + certificate_t *cert, char *hex) +{ + char buf[MAX_HASH_SIZE]; + chunk_t encoding; + + if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoding)) + { + return FALSE; + } + this->hasher->get_hash(this->hasher, encoding, buf); + free(encoding.ptr); + chunk_to_hex(chunk_create(buf, this->hasher->get_hash_size(this->hasher)), + hex, FALSE); + return TRUE; +} + +/** + * Check if we have an entry for a given hash + */ +static bool has_entry(private_coupling_validator_t *this, char *hash) +{ + char line[256]; + int hash_len; + + hash_len = strlen(hash); + rewind(this->f); + + while (fgets(line, sizeof(line), this->f)) + { + if (strlen(line) >= hash_len && + strncaseeq(line, hash, hash_len)) + { + return TRUE; + } + } + return FALSE; +} + +/** + * Get the number of coupling entries we currently have + */ +static int get_number_of_entries(private_coupling_validator_t *this) +{ + char line[256]; + int count = 0; + + rewind(this->f); + + while (fgets(line, sizeof(line), this->f)) + { + /* valid entries start with hex encoded hash */ + if (strchr("1234567890abcdefABCDEF", line[0])) + { + count++; + } + } + return count; +} + +/** + * Add a new entry to the file + */ +static bool add_entry(private_coupling_validator_t *this, char *hash, + identification_t *id) +{ + return fseek(this->f, 0, SEEK_END) == 0 && + fprintf(this->f, "%s %u '%Y'\n", hash, time(NULL), id) > 0; +} + +METHOD(cert_validator_t, validate, bool, + private_coupling_validator_t *this, + certificate_t *subject, certificate_t *issuer, + bool online, u_int pathlen, bool anchor, auth_cfg_t *auth) +{ + bool valid = FALSE; + char hash[MAX_HASH_SIZE]; + + if 
(pathlen != 0) + { + return TRUE; + } + if (get_cert_hash(this, subject, hash)) + { + this->mutex->lock(this->mutex); + if (has_entry(this, hash)) + { + DBG1(DBG_CFG, "coupled certificate '%Y' found, accepted", + subject->get_subject(subject)); + valid = TRUE; + } + else if (get_number_of_entries(this) < this->max_couplings) + { + if (add_entry(this, hash, subject->get_subject(subject))) + { + DBG1(DBG_CFG, "coupled new certificate '%Y'", + subject->get_subject(subject)); + valid = TRUE; + } + else + { + DBG1(DBG_CFG, "coupling new certificate '%Y' failed", + subject->get_subject(subject)); + } + } + else + { + DBG1(DBG_CFG, "coupling new certificate '%Y' failed, limit of %d " + "couplings reached", subject->get_subject(subject), + this->max_couplings); + } + this->mutex->unlock(this->mutex); + } + return valid; +} + +METHOD(coupling_validator_t, destroy, void, + private_coupling_validator_t *this) +{ + if (this->f) + { + fclose(this->f); + } + DESTROY_IF(this->hasher); + this->mutex->destroy(this->mutex); + free(this); +} + +/** + * See header + */ +coupling_validator_t *coupling_validator_create() +{ + private_coupling_validator_t *this; + char *path, *hash; + int i; + struct { + hash_algorithm_t alg; + char *name; + } hash_types[] = { + { HASH_MD5, "md5"}, + { HASH_SHA1, "sha1"}, + { HASH_SHA256, "sha256"}, + { HASH_SHA384, "sha384"}, + { HASH_SHA512, "sha512"}, + }; + + INIT(this, + .public = { + .validator = { + .validate = _validate, + }, + .destroy = _destroy, + }, + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .max_couplings = lib->settings->get_int(lib->settings, + "charon.plugins.coupling.max", 1), + ); + + hash = lib->settings->get_str(lib->settings, + "charon.plugins.coupling.hash", "sha1"); + for (i = 0; i < countof(hash_types); i++) + { + if (strcaseeq(hash_types[i].name, hash)) + { + this->hasher = lib->crypto->create_hasher(lib->crypto, + hash_types[i].alg); + break; + } + } + if (!this->hasher) + { + DBG1(DBG_CFG, "unsupported coupling hash 
algorithm: %s", hash); + destroy(this); + return NULL; + } + + path = lib->settings->get_str(lib->settings, + "charon.plugins.coupling.file", NULL); + if (!path) + { + DBG1(DBG_CFG, "coupling file path unspecified"); + destroy(this); + return NULL; + } + this->f = fopen(path, "a+"); + if (!this->f) + { + DBG1(DBG_CFG, "opening coupling file '%s' failed: %s", + path, strerror(errno)); + destroy(this); + return NULL; + } + setlinebuf(this->f); + return &this->public; +} diff --git a/src/libcharon/plugins/coupling/coupling_validator.h b/src/libcharon/plugins/coupling/coupling_validator.h new file mode 100644 index 000000000..d6b4d3718 --- /dev/null +++ b/src/libcharon/plugins/coupling/coupling_validator.h 
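Review bot: has_entry() and get_number_of_entries() in coupling_validator.c treat every fgets() return as a full entry, but a stored line longer than the 256-byte buffer comes back in pieces, so the tail of a subject string is compared with the hash (or counted as an entry when it starts with a hex digit) as if it began a line. Since this file decides which certificates validate() accepts, both readers should only look at chunks that start a real line, as sketched below for has_entry(); get_number_of_entries() needs the same tracking. Separately, add_entry() passes `time(NULL)` to `%u`, which does not match time_t on LP64 targets; `(u_int)time(NULL)` would make the argument fit the format. How `%Y` renders control characters in the subject is not visible here, so it is worth confirming that a subject cannot introduce a line break into the file.

```c
static bool has_entry(private_coupling_validator_t *this, char *hash)
{
	char line[256];
	size_t hash_len = strlen(hash), len;
	bool line_start = TRUE;

	rewind(this->f);

	while (fgets(line, sizeof(line), this->f))
	{
		len = strlen(line);
		/* a chunk that continues an over-long line is subject text,
		 * never a hash, so only compare at a real line start */
		if (line_start && len >= hash_len &&
			strncaseeq(line, hash, hash_len))
		{
			return TRUE;
		}
		line_start = len > 0 && line[len - 1] == '\n';
	}
	return FALSE;
}
```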
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2011 Martin Willi
+ * Copyright (C) 2011 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup coupling_validator coupling_validator
+ * @{ @ingroup coupling
+ */
+
+#ifndef COUPLING_VALIDATOR_H_
+#define COUPLING_VALIDATOR_H_
+
+#include <credentials/cert_validator.h>
+
+typedef struct coupling_validator_t coupling_validator_t;
+
+/**
+ * Validator that couples authenticated certificates permanently.
+ */
+struct coupling_validator_t {
+
+ /**
+ * Implements cert_validator_t interface.
+ */
+ cert_validator_t validator;
+
+ /**
+ * Destroy a coupling_validator_t.
+ */
+ void (*destroy)(coupling_validator_t *this);
+};
+
+/**
+ * Create a coupling_validator instance.
+ */
+coupling_validator_t *coupling_validator_create();
+
+#endif /** COUPLING_VALIDATOR_H_ @}*/
diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in
index 9c4ad3a02..7853659df 100644
--- a/src/libcharon/plugins/dhcp/Makefile.in
+++ b/src/libcharon/plugins/dhcp/Makefile.in
@@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@
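Review bot: The header comments in coupling_validator.h describe neither the acceptance policy nor the constructor's failure mode. Going by validate() in coupling_validator.c, a certificate whose hash is already stored is accepted, and an unknown one is stored and accepted while fewer than `charon.plugins.coupling.max` entries exist, so the first certificates seen become the trusted set; the struct comment should state that and name the `charon.plugins.coupling.*` settings. The comment on `coupling_validator_create()` should add `@return validator, NULL if the hash algorithm is unsupported or the coupling file is unset or cannot be opened`, which is what the implementation does. As a matter of style the declaration would be a real prototype if written `coupling_validator_t *coupling_validator_create(void);`.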
@@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/dhcp/dhcp_plugin.c b/src/libcharon/plugins/dhcp/dhcp_plugin.c index fccc99ba5..f8782c2a4 100644 --- a/src/libcharon/plugins/dhcp/dhcp_plugin.c +++ b/src/libcharon/plugins/dhcp/dhcp_plugin.c @@ -44,6 +44,12 @@ struct private_dhcp_plugin_t { dhcp_provider_t *provider; }; +METHOD(plugin_t, get_name, char*, + private_dhcp_plugin_t *this) +{ + return "dhcp"; +} + METHOD(plugin_t, destroy, void, private_dhcp_plugin_t *this) { @@ -64,6 +70,8 @@ plugin_t *dhcp_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c index 521bf5595..c98d50554 100644 --- a/src/libcharon/plugins/dhcp/dhcp_socket.c +++ b/src/libcharon/plugins/dhcp/dhcp_socket.c @@ -201,6 +201,9 @@ static int prepare_dhcp(private_dhcp_socket_t *this, dhcp->transaction_id = transaction->get_id(transaction); if (chunk_equals(broadcast, this->dst->get_address(this->dst))) { + /* Set broadcast flag to get broadcasted replies, as we actually + * do not own the MAC we request an address for. */ + dhcp->flags = htons(0x8000); /* TODO: send with 0.0.0.0 source address */ } else 
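Review bot: `dhcp->flags = htons(0x8000);` in the prepare_dhcp hunk of dhcp_socket.c uses a bare literal for the DHCP broadcast bit. A named constant alongside the existing ones such as `DHCP_SERVER_PORT`, for example `#define DHCP_FLAG_BROADCAST 0x8000` used as `dhcp->flags = htons(DHCP_FLAG_BROADCAST);`, would make the intent searchable and keep the comment short. prepare_dhcp starts and ends outside the hunk, so how `flags` is set on the non-broadcast path cannot be checked from here.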
@@ -459,11 +462,7 @@ static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen) { dhcp_transaction_t *transaction = NULL; enumerator_t *enumerator; -<<<<<<< HEAD - host_t *offer, *server; -======= host_t *offer, *server = NULL; ->>>>>>> upstream/4.5.1 offer = host_create_from_chunk(AF_INET, chunk_from_thing(dhcp->your_address), 0); @@ -504,11 +503,7 @@ static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen) chunk_create((char*)&option->data[pos], 4)); } } -<<<<<<< HEAD - if (option->type == DHCP_SERVER_ID && option->len == 4) -======= if (!server && option->type == DHCP_SERVER_ID && option->len == 4) ->>>>>>> upstream/4.5.1 { server = host_create_from_chunk(AF_INET, chunk_create(option->data, 4), DHCP_SERVER_PORT); @@ -523,19 +518,11 @@ static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen) } DBG1(DBG_CFG, "received DHCP OFFER %H from %H", offer, server); transaction->set_address(transaction, offer->clone(offer)); -<<<<<<< HEAD - transaction->set_server(transaction, server->clone(server)); -======= transaction->set_server(transaction, server); ->>>>>>> upstream/4.5.1 } this->mutex->unlock(this->mutex); this->condvar->broadcast(this->condvar); offer->destroy(offer); -<<<<<<< HEAD - server->destroy(server); -======= ->>>>>>> upstream/4.5.1 } /** diff --git a/src/libcharon/plugins/duplicheck/Makefile.am b/src/libcharon/plugins/duplicheck/Makefile.am new file mode 100644 index 000000000..63c91dfab --- /dev/null +++ b/src/libcharon/plugins/duplicheck/Makefile.am 
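Review bot: In the last handle_offer hunk of dhcp_socket.c, `transaction->set_server(transaction, server);` now hands over `server` itself and the trailing `server->destroy(server)` is removed, but nothing in the code records that ownership moves to the transaction. A comment on that line such as `/* transaction takes ownership of server */` would keep a later edit from re-adding the destroy and leaving the transaction with a freed host. Since `server` now starts as NULL and the visible code assigns it only when a 4-byte `DHCP_SERVER_ID` option is parsed, it is worth confirming that the lines between the hunks give it a value before the `DBG1(..., offer, server)` and `set_server()` calls; if they do not, a fallback or an early exit is needed there. The function body continues outside these hunks.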
@@ -0,0 +1,21 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic \
+ -DIPSEC_PIDDIR=\"${piddir}\"
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-duplicheck.la
+else
+plugin_LTLIBRARIES = libstrongswan-duplicheck.la
+endif
+
+libstrongswan_duplicheck_la_SOURCES = duplicheck_plugin.h duplicheck_plugin.c \
+ duplicheck_listener.h duplicheck_listener.c \
+ duplicheck_notify.h duplicheck_notify.c
+
+libstrongswan_duplicheck_la_LDFLAGS = -module -avoid-version
+
+ipsec_PROGRAMS = duplicheck
+duplicheck_SOURCES = duplicheck.c
diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in
new file mode 100644
index 000000000..8cffa2f10
--- /dev/null
+++ b/src/libcharon/plugins/duplicheck/Makefile.in
@@ -0,0 +1,668 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +ipsec_PROGRAMS = duplicheck$(EXEEXT) +subdir = src/libcharon/plugins/duplicheck +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = 
+CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(ipsecdir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_duplicheck_la_LIBADD = +am_libstrongswan_duplicheck_la_OBJECTS = duplicheck_plugin.lo \ + duplicheck_listener.lo duplicheck_notify.lo +libstrongswan_duplicheck_la_OBJECTS = \ + $(am_libstrongswan_duplicheck_la_OBJECTS) +libstrongswan_duplicheck_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_duplicheck_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_duplicheck_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_duplicheck_la_rpath = +PROGRAMS = $(ipsec_PROGRAMS) +am_duplicheck_OBJECTS = duplicheck.$(OBJEXT) +duplicheck_OBJECTS = $(am_duplicheck_OBJECTS) +duplicheck_LDADD = $(LDADD) +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) 
$(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_duplicheck_la_SOURCES) $(duplicheck_SOURCES) +DIST_SOURCES = $(libstrongswan_duplicheck_la_SOURCES) \ + $(duplicheck_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ 
+PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = 
@oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic \ + -DIPSEC_PIDDIR=\"${piddir}\" + +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-duplicheck.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-duplicheck.la +libstrongswan_duplicheck_la_SOURCES = duplicheck_plugin.h duplicheck_plugin.c \ + duplicheck_listener.h duplicheck_listener.c \ + duplicheck_notify.h duplicheck_notify.c + +libstrongswan_duplicheck_la_LDFLAGS = -module -avoid-version +duplicheck_SOURCES = duplicheck.c +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + 
done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/duplicheck/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/duplicheck/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n 
"$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-duplicheck.la: $(libstrongswan_duplicheck_la_OBJECTS) $(libstrongswan_duplicheck_la_DEPENDENCIES) + $(libstrongswan_duplicheck_la_LINK) $(am_libstrongswan_duplicheck_la_rpath) $(libstrongswan_duplicheck_la_OBJECTS) $(libstrongswan_duplicheck_la_LIBADD) $(LIBS) +install-ipsecPROGRAMS: $(ipsec_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) 
--mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-ipsecPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files + +clean-ipsecPROGRAMS: + @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +duplicheck$(EXEEXT): $(duplicheck_OBJECTS) $(duplicheck_DEPENDENCIES) + @rm -f duplicheck$(EXEEXT) + $(LINK) $(duplicheck_OBJECTS) $(duplicheck_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/duplicheck.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/duplicheck_listener.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/duplicheck_notify.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/duplicheck_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ 
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in 
files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) +installdirs: + for dir in "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(ipsecdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+clean: clean-am + +clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \ + clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-ipsecPROGRAMS install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-ipsecPROGRAMS clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES ctags distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-ipsecPROGRAMS install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am 
uninstall-ipsecPROGRAMS \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/duplicheck/duplicheck.c b/src/libcharon/plugins/duplicheck/duplicheck.c new file mode 100644 index 000000000..99731a22b --- /dev/null +++ b/src/libcharon/plugins/duplicheck/duplicheck.c 
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2011 Martin Willi
+ * Copyright (C) 2011 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <errno.h>
+
+#define DUPLICHECK_SOCKET IPSEC_PIDDIR "/charon.dck"
+
+int main(int argc, char *argv[])
+{
+ struct sockaddr_un addr;
+ char buf[128];
+ int fd, len;
+
+ addr.sun_family = AF_UNIX;
+ strcpy(addr.sun_path, DUPLICHECK_SOCKET);
+
+ fd = socket(AF_UNIX, SOCK_SEQPACKET, 0);
+ if (fd < 0)
+ {
+ fprintf(stderr, "opening socket failed: %s\n", strerror(errno));
+ return 1;
+ }
+ if (connect(fd, (struct sockaddr *)&addr,
+ offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path)) < 0)
+ {
+ fprintf(stderr, "connecting to %s failed: %s\n",
+ DUPLICHECK_SOCKET, strerror(errno));
+ close(fd);
+ return 1;
+ }
+ while (1)
+ {
+ len = recv(fd, &buf, sizeof(buf) - 1, 0);
+ if (len < 0)
+ {
+ fprintf(stderr, "reading from socket failed: %s\n", strerror(errno));
+ close(fd);
+ return 1;
+ }
+ printf("%.*s\n", len, buf);
+ }
+}
diff --git a/src/libcharon/plugins/duplicheck/duplicheck_listener.c b/src/libcharon/plugins/duplicheck/duplicheck_listener.c
new file mode 100644
index 000000000..226b2bd4e
--- /dev/null
+++ b/src/libcharon/plugins/duplicheck/duplicheck_listener.c
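Review bot: The receive loop in main() of duplicheck.c has no exit for a closed connection: once the peer has shut the socket down `recv()` returns 0, the `len < 0` check does not fire, and the loop spins printing empty lines. Handle end-of-stream before the print, e.g. `if (len == 0) { close(fd); return 0; }`. Separately, `strcpy(addr.sun_path, DUPLICHECK_SOCKET);` copies a build-time path of unchecked length into the fixed-size `sun_path`; `snprintf(addr.sun_path, sizeof(addr.sun_path), "%s", DUPLICHECK_SOCKET);` on a zero-initialised `addr` keeps a long pid directory from overrunning it. The file also calls `strcpy`, `strlen` and `strerror` without including `<string.h>`.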
@@ -0,0 +1,262 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "duplicheck_listener.h" + +#include <daemon.h> +#include <threading/mutex.h> +#include <utils/hashtable.h> +#include <encoding/payloads/delete_payload.h> +#include <processing/jobs/delete_ike_sa_job.h> + +typedef struct private_duplicheck_listener_t private_duplicheck_listener_t; + +/** + * Private data of an duplicheck_listener_t object. + */ +struct private_duplicheck_listener_t { + + /** + * Public duplicheck_listener_t interface. 
+ */ + duplicheck_listener_t public; + + /** + * Socket to send notifications to + */ + duplicheck_notify_t *notify; + + /** + * Mutex to lock hashtables + */ + mutex_t *mutex; + + /** + * Hashtable of active IKE_SAs, identification_t => entry_t + */ + hashtable_t *active; + + /** + * Hashtable with active liveness checks, identification_t => entry_t + */ + hashtable_t *checking; +}; + +/** + * Entry for hashtables + */ +typedef struct { + /** peer identity */ + identification_t *id; + /** IKE_SA identifier */ + ike_sa_id_t *sa; +} entry_t; + +/** + * Destroy a hashtable entry + */ +static void entry_destroy(entry_t *this) +{ + this->id->destroy(this->id); + this->sa->destroy(this->sa); + free(this); +} + +/** + * Hashtable hash function + */ +static u_int hash(identification_t *key) +{ + return chunk_hash(key->get_encoding(key)); +} + +/** + * Hashtable equals function + */ +static bool equals(identification_t *a, identification_t *b) +{ + return a->equals(a, b); +} + +METHOD(listener_t, ike_rekey, bool, + private_duplicheck_listener_t *this, ike_sa_t *old, ike_sa_t *new) +{ + identification_t *id; + ike_sa_id_t *sa; + entry_t *entry; + + sa = new->get_id(new); + id = new->get_other_id(new); + + INIT(entry, + .id = id->clone(id), + .sa = sa->clone(sa), + ); + this->mutex->lock(this->mutex); + entry = this->active->put(this->active, entry->id, entry); + this->mutex->unlock(this->mutex); + if (entry) + { + entry_destroy(entry); + } + return TRUE; +} + +METHOD(listener_t, ike_updown, bool, + private_duplicheck_listener_t *this, ike_sa_t *ike_sa, bool up) +{ + identification_t *id; + ike_sa_id_t *sa; + entry_t *entry; + job_t *job; + + sa = ike_sa->get_id(ike_sa); + id = ike_sa->get_other_id(ike_sa); + + if (up) + { + INIT(entry, + .id = id->clone(id), + .sa = sa->clone(sa), + ); + this->mutex->lock(this->mutex); + entry = this->active->put(this->active, entry->id, entry); + this->mutex->unlock(this->mutex); + if (entry) + { + DBG1(DBG_CFG, "detected duplicate IKE_SA 
for '%Y', " + "triggering delete for old IKE_SA", id); + job = (job_t*)delete_ike_sa_job_create(entry->sa, TRUE); + this->mutex->lock(this->mutex); + entry = this->checking->put(this->checking, entry->id, entry); + this->mutex->unlock(this->mutex); + lib->processor->queue_job(lib->processor, job); + if (entry) + { + entry_destroy(entry); + } + } + } + else + { + this->mutex->lock(this->mutex); + entry = this->checking->remove(this->checking, id); + this->mutex->unlock(this->mutex); + if (entry) + { + DBG1(DBG_CFG, "delete for duplicate IKE_SA '%Y' timed out, " + "keeping new IKE_SA", id); + entry_destroy(entry); + } + else + { + this->mutex->lock(this->mutex); + entry = this->active->remove(this->active, id); + this->mutex->unlock(this->mutex); + if (entry) + { + entry_destroy(entry); + } + } + } + return TRUE; +} + +METHOD(listener_t, message_hook, bool, + private_duplicheck_listener_t *this, ike_sa_t *ike_sa, + message_t *message, bool incoming) +{ + if (incoming && !message->get_request(message)) + { + identification_t *id; + entry_t *entry; + + id = ike_sa->get_other_id(ike_sa); + this->mutex->lock(this->mutex); + entry = this->checking->remove(this->checking, id); + this->mutex->unlock(this->mutex); + if (entry) + { + DBG1(DBG_CFG, "got a response on a duplicate IKE_SA for '%Y', " + "deleting new IKE_SA", id); + entry_destroy(entry); + this->mutex->lock(this->mutex); + entry = this->active->remove(this->active, id); + this->mutex->unlock(this->mutex); + if (entry) + { + lib->processor->queue_job(lib->processor, + (job_t*)delete_ike_sa_job_create(entry->sa, TRUE)); + entry_destroy(entry); + } + this->notify->send(this->notify, id); + } + } + return TRUE; +} + +METHOD(duplicheck_listener_t, destroy, void, + private_duplicheck_listener_t *this) +{ + enumerator_t *enumerator; + identification_t *key; + entry_t *value; + + enumerator = this->active->create_enumerator(this->active); + while (enumerator->enumerate(enumerator, &key, &value)) + { + 
entry_destroy(value); + } + enumerator->destroy(enumerator); + + enumerator = this->checking->create_enumerator(this->checking); + while (enumerator->enumerate(enumerator, &key, &value)) + { + entry_destroy(value); + } + enumerator->destroy(enumerator); + + this->active->destroy(this->active); + this->checking->destroy(this->checking); + this->mutex->destroy(this->mutex); + free(this); +} + +/** + * See header + */ +duplicheck_listener_t *duplicheck_listener_create(duplicheck_notify_t *notify) +{ + private_duplicheck_listener_t *this; + + INIT(this, + .public = { + .listener = { + .ike_rekey = _ike_rekey, + .ike_updown = _ike_updown, + .message = _message_hook, + }, + .destroy = _destroy, + }, + .notify = notify, + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .active = hashtable_create((hashtable_hash_t)hash, + (hashtable_equals_t)equals, 32), + .checking = hashtable_create((hashtable_hash_t)hash, + (hashtable_equals_t)equals, 2), + ); + + return &this->public; +} diff --git a/src/libcharon/plugins/duplicheck/duplicheck_listener.h b/src/libcharon/plugins/duplicheck/duplicheck_listener.h new file mode 100644 index 000000000..7c575dd64 --- /dev/null +++ b/src/libcharon/plugins/duplicheck/duplicheck_listener.h 
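Review bot: In `message_hook`, any incoming response from a peer with a pending check is accepted as proof that the old IKE_SA is alive, because the `checking` entry is looked up by `ike_sa->get_other_id(ike_sa)` alone and `entry->sa` is never compared with the SA the message arrived on. If a response can arrive on the new IKE_SA while the check is pending (that depends on code outside this hunk), it would satisfy the check and the new SA would be deleted; confirming `entry->sa->equals(entry->sa, ike_sa->get_id(ike_sa))` before removing the entry and acting on it would tie the decision to the SA under test. The same identity-only matching is used in the `else` branch of `ike_updown`, where a down event for any SA of that peer removes the single `active` entry. A comment on `entry_t` saying which SA the entry in each table refers to would make the intended invariant reviewable.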
@@ -0,0 +1,54 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup duplicheck_listener duplicheck_listener + * @{ @ingroup duplicheck + */ + +#ifndef DUPLICHECK_LISTENER_H_ +#define DUPLICHECK_LISTENER_H_ + +#include "duplicheck_notify.h" + +#include <bus/listeners/listener.h> + +typedef struct duplicheck_listener_t duplicheck_listener_t; + +/** + * Listener checking for duplicates. + */ +struct duplicheck_listener_t { + + /** + * Implements listener_t interface. + */ + listener_t listener; + + /** + * Destroy a duplicheck_listener_t. + */ + void (*destroy)(duplicheck_listener_t *this); +}; + +/** + * Create a duplicheck_listener instance. + * + * @param notify socket to send notifications to + * @return listener + */ +duplicheck_listener_t *duplicheck_listener_create(duplicheck_notify_t *notify); + +#endif /** DUPLICHECK_LISTENER_H_ @}*/ diff --git a/src/libcharon/plugins/duplicheck/duplicheck_notify.c b/src/libcharon/plugins/duplicheck/duplicheck_notify.c new file mode 100644 index 000000000..4e7618235 --- /dev/null +++ b/src/libcharon/plugins/duplicheck/duplicheck_notify.c 
@@ -0,0 +1,211 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "duplicheck_notify.h" + +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/socket.h> +#include <sys/un.h> +#include <unistd.h> +#include <errno.h> + +#include <daemon.h> +#include <threading/mutex.h> +#include <threading/thread.h> +#include <utils/linked_list.h> +#include <processing/jobs/callback_job.h> + +#define DUPLICHECK_SOCKET IPSEC_PIDDIR "/charon.dck" + +typedef struct private_duplicheck_notify_t private_duplicheck_notify_t; + +/** + * Private data of an duplicheck_notify_t object. + */ +struct private_duplicheck_notify_t { + + /** + * Public duplicheck_notify_t interface. 
+ */ + duplicheck_notify_t public; + + /** + * Callback job dispatching connections + */ + callback_job_t *job; + + /** + * Mutex to lock list + */ + mutex_t *mutex; + + /** + * List of connected sockets + */ + linked_list_t *connected; + + /** + * Socket dispatching connections + */ + int socket; +}; + +/** + * Open duplicheck unix socket + */ +static bool open_socket(private_duplicheck_notify_t *this) +{ + struct sockaddr_un addr; + mode_t old; + + addr.sun_family = AF_UNIX; + strcpy(addr.sun_path, DUPLICHECK_SOCKET); + + this->socket = socket(AF_UNIX, SOCK_SEQPACKET, 0); + if (this->socket == -1) + { + DBG1(DBG_CFG, "creating duplicheck socket failed"); + return FALSE; + } + unlink(addr.sun_path); + old = umask(~(S_IRWXU | S_IRWXG)); + if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr)) < 0) + { + DBG1(DBG_CFG, "binding duplicheck socket failed: %s", strerror(errno)); + close(this->socket); + return FALSE; + } + umask(old); + if (chown(addr.sun_path, charon->uid, charon->gid) != 0) + { + DBG1(DBG_CFG, "changing duplicheck socket permissions failed: %s", + strerror(errno)); + } + if (listen(this->socket, 3) < 0) + { + DBG1(DBG_CFG, "listening on duplicheck socket failed: %s", + strerror(errno)); + close(this->socket); + unlink(addr.sun_path); + return FALSE; + } + return TRUE; +} + +/** + * Accept duplicheck notification connections + */ +static job_requeue_t receive(private_duplicheck_notify_t *this) +{ + struct sockaddr_un addr; + int len = sizeof(addr); + uintptr_t fd; + bool oldstate; + + oldstate = thread_cancelability(TRUE); + fd = accept(this->socket, (struct sockaddr*)&addr, &len); + thread_cancelability(oldstate); + + if (fd != -1) + { + this->mutex->lock(this->mutex); + this->connected->insert_last(this->connected, (void*)fd); + this->mutex->unlock(this->mutex); + } + else + { + DBG1(DBG_CFG, "accepting duplicheck connection failed: %s", + strerror(errno)); + } + return JOB_REQUEUE_FAIR; +} + +METHOD(duplicheck_notify_t, send_, void, + 
private_duplicheck_notify_t *this, identification_t *id) +{ + char buf[128]; + enumerator_t *enumerator; + uintptr_t fd; + int len; + + len = snprintf(buf, sizeof(buf), "%Y", id); + if (len > 0 && len < sizeof(buf)) + { + this->mutex->lock(this->mutex); + enumerator = this->connected->create_enumerator(this->connected); + while (enumerator->enumerate(enumerator, &fd)) + { + if (send(fd, &buf, len + 1, 0) != len + 1) + { + DBG1(DBG_CFG, "sending duplicheck notify failed: %s", + strerror(errno)); + this->connected->remove_at(this->connected, enumerator); + close(fd); + } + } + enumerator->destroy(enumerator); + this->mutex->unlock(this->mutex); + } +} + +METHOD(duplicheck_notify_t, destroy, void, + private_duplicheck_notify_t *this) +{ + enumerator_t *enumerator; + uintptr_t fd; + + if (this->job) + { + this->job->cancel(this->job); + } + enumerator = this->connected->create_enumerator(this->connected); + while (enumerator->enumerate(enumerator, &fd)) + { + close(fd); + } + enumerator->destroy(enumerator); + this->connected->destroy(this->connected); + this->mutex->destroy(this->mutex); + free(this); +} + +/** + * See header + */ +duplicheck_notify_t *duplicheck_notify_create() +{ + private_duplicheck_notify_t *this; + + INIT(this, + .public = { + .send = _send_, + .destroy = _destroy, + }, + .connected = linked_list_create(), + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + ); + + if (!open_socket(this)) + { + destroy(this); + return NULL; + } + this->job = callback_job_create((callback_job_cb_t)receive, + this, NULL, NULL); + lib->processor->queue_job(lib->processor, (job_t*)this->job); + + return &this->public; +} diff --git a/src/libcharon/plugins/duplicheck/duplicheck_notify.h b/src/libcharon/plugins/duplicheck/duplicheck_notify.h new file mode 100644 index 000000000..43dd20cca --- /dev/null +++ b/src/libcharon/plugins/duplicheck/duplicheck_notify.h 
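Review bot: In `open_socket`, the failure branch after `bind()` returns without calling `umask(old)`, so a failed bind leaves the daemon running with the group-permissive mask that was set just above it; add `umask(old);` before `close(this->socket);` in that branch. `send_` calls a blocking `send()` on every client while holding `this->mutex`, so a local client that connects and stops reading can stall the calling thread once its socket buffer fills; `send(fd, &buf, len + 1, MSG_DONTWAIT)` would let the existing error path drop such a client instead. `destroy` closes the accepted descriptors but never closes `this->socket` or unlinks the socket path, and because `open_socket` already closes the descriptor on its own failure paths, a fix there needs a marker (for example setting `this->socket = -1` after closing) to avoid a double close. A failed `chown` is only logged, which leaves the socket in service with whatever ownership `bind()` gave it; the comment on `open_socket` should state whether that is acceptable.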
@@ -0,0 +1,51 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup duplicheck_notify duplicheck_notify + * @{ @ingroup duplicheck + */ + +#ifndef DUPLICHECK_NOTIFY_H_ +#define DUPLICHECK_NOTIFY_H_ + +#include <utils/identification.h> + +typedef struct duplicheck_notify_t duplicheck_notify_t; + +/** + * Sends notifications over a unix socket when duplicates are detected. + */ +struct duplicheck_notify_t { + + /** + * Send a notification message if duplicate IKE_SA detected. + * + * @param id identity a duplicate tunnel has been detected + */ + void (*send)(duplicheck_notify_t *this, identification_t *id); + + /** + * Destroy a duplicheck_notify_t. + */ + void (*destroy)(duplicheck_notify_t *this); +}; + +/** + * Create a duplicheck_notify instance. + */ +duplicheck_notify_t *duplicheck_notify_create(); + +#endif /** DUPLICHECK_NOTIFY_H_ @}*/ diff --git a/src/libcharon/plugins/duplicheck/duplicheck_plugin.c b/src/libcharon/plugins/duplicheck/duplicheck_plugin.c new file mode 100644 index 000000000..5bc1a14af --- /dev/null +++ b/src/libcharon/plugins/duplicheck/duplicheck_plugin.c 
@@ -0,0 +1,94 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "duplicheck_plugin.h" + +#include "duplicheck_notify.h" +#include "duplicheck_listener.h" + +#include <daemon.h> + +typedef struct private_duplicheck_plugin_t private_duplicheck_plugin_t; + +/** + * Private data of duplicheck plugin + */ +struct private_duplicheck_plugin_t { + + /** + * Implements plugin interface + */ + duplicheck_plugin_t public; + + /** + * Listener doing duplicate checks + */ + duplicheck_listener_t *listener; + + /** + * Notification sender facility + */ + duplicheck_notify_t *notify; +}; + +METHOD(plugin_t, get_name, char*, + private_duplicheck_plugin_t *this) +{ + return "duplicheck"; +} + +METHOD(plugin_t, destroy, void, + private_duplicheck_plugin_t *this) +{ + charon->bus->remove_listener(charon->bus, &this->listener->listener); + this->notify->destroy(this->notify); + this->listener->destroy(this->listener); + free(this); +} + +/** + * Plugin constructor + */ +plugin_t *duplicheck_plugin_create() +{ + private_duplicheck_plugin_t *this; + + if (!lib->settings->get_bool(lib->settings, + "charon.plugins.duplicheck.enabled", TRUE)) + { + return NULL; + } + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + .notify = duplicheck_notify_create(), + ); + + if (!this->notify) + { + free(this); + return NULL; + } + 
this->listener = duplicheck_listener_create(this->notify); + charon->bus->add_listener(charon->bus, &this->listener->listener); + + return &this->public.plugin; +} diff --git a/src/libcharon/plugins/duplicheck/duplicheck_plugin.h b/src/libcharon/plugins/duplicheck/duplicheck_plugin.h new file mode 100644 index 000000000..3dddf1494 --- /dev/null +++ b/src/libcharon/plugins/duplicheck/duplicheck_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup duplicheck duplicheck + * @ingroup cplugins + * + * @defgroup duplicheck_plugin duplicheck_plugin + * @{ @ingroup duplicheck + */ + +#ifndef DUPLICHECK_PLUGIN_H_ +#define DUPLICHECK_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct duplicheck_plugin_t duplicheck_plugin_t; + +/** + * Advanced duplicate checking using liveness checks. + */ +struct duplicheck_plugin_t { + + /** + * Implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** DUPLICHECK_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in index adb0d8344..666e22957 100644 --- a/src/libcharon/plugins/eap_aka/Makefile.in +++ b/src/libcharon/plugins/eap_aka/Makefile.in 
@@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/eap_aka/eap_aka_peer.c b/src/libcharon/plugins/eap_aka/eap_aka_peer.c index dfcc69710..df0c4c5b4 100644 --- a/src/libcharon/plugins/eap_aka/eap_aka_peer.c +++ b/src/libcharon/plugins/eap_aka/eap_aka_peer.c @@ -54,6 +54,11 @@ struct private_eap_aka_peer_t { identification_t *reauth; /** + * EAP message identifier + */ + u_int8_t identifier; + + /** * MSK */ chunk_t msk; @@ -72,8 +77,7 @@ struct private_eap_aka_peer_t { /** * Create a AKA_CLIENT_ERROR: "Unable to process" */ -static eap_payload_t* create_client_error(private_eap_aka_peer_t *this, - u_int8_t identifier) +static eap_payload_t* create_client_error(private_eap_aka_peer_t *this) { simaka_message_t *message; eap_payload_t *out; 
@@ -82,7 +86,7 @@ static eap_payload_t* create_client_error(private_eap_aka_peer_t *this, DBG1(DBG_IKE, "sending client error '%N'", simaka_client_error_names, AKA_UNABLE_TO_PROCESS); - message = simaka_message_create(FALSE, identifier, EAP_AKA, + message = simaka_message_create(FALSE, this->identifier, EAP_AKA, AKA_CLIENT_ERROR, this->crypto); encoded = htons(AKA_UNABLE_TO_PROCESS); message->add_attribute(message, AT_CLIENT_ERROR_CODE, @@ -124,7 +128,7 @@ static status_t process_identity(private_eap_aka_peer_t *this, default: if (!simaka_attribute_skippable(type)) { - *out = create_client_error(this, in->get_identifier(in)); + *out = create_client_error(this); enumerator->destroy(enumerator); return NEED_MORE; } @@ -159,7 +163,7 @@ static status_t process_identity(private_eap_aka_peer_t *this, default: break; } - message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA, + message = simaka_message_create(FALSE, this->identifier, EAP_AKA, AKA_IDENTITY, this->crypto); if (id.len) { @@ -200,7 +204,7 @@ static status_t process_challenge(private_eap_aka_peer_t *this, default: if (!simaka_attribute_skippable(type)) { - *out = create_client_error(this, in->get_identifier(in)); + *out = create_client_error(this); enumerator->destroy(enumerator); return NEED_MORE; } @@ -212,7 +216,7 @@ static status_t process_challenge(private_eap_aka_peer_t *this, if (!rand.len || !autn.len) { DBG1(DBG_IKE, "received invalid EAP-AKA challenge message"); - *out = create_client_error(this, in->get_identifier(in)); + *out = create_client_error(this); return NEED_MORE; } @@ -258,7 +262,7 @@ static status_t process_challenge(private_eap_aka_peer_t *this, * reading encrypted attributes */ if (!in->verify(in, chunk_empty) || !in->parse(in)) { - *out = create_client_error(this, in->get_identifier(in)); + *out = create_client_error(this); return NEED_MORE; } 
@@ -285,7 +289,7 @@ static status_t process_challenge(private_eap_aka_peer_t *this, } enumerator->destroy(enumerator); - message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA, + message = simaka_message_create(FALSE, this->identifier, EAP_AKA, AKA_CHALLENGE, this->crypto); message->add_attribute(message, AT_RES, chunk_create(res, res_len)); *out = message->generate(message, chunk_empty); @@ -320,7 +324,7 @@ static status_t process_reauthentication(private_eap_aka_peer_t *this, { DBG1(DBG_IKE, "received %N, but not expected", simaka_subtype_names, AKA_REAUTHENTICATION); - *out = create_client_error(this, in->get_identifier(in)); + *out = create_client_error(this); return NEED_MORE; } @@ -330,7 +334,7 @@ static status_t process_reauthentication(private_eap_aka_peer_t *this, /* verify MAC and parse again with decryption key */ if (!in->verify(in, chunk_empty) || !in->parse(in)) { - *out = create_client_error(this, in->get_identifier(in)); + *out = create_client_error(this); return NEED_MORE; } @@ -351,7 +355,7 @@ static status_t process_reauthentication(private_eap_aka_peer_t *this, default: if (!simaka_attribute_skippable(type)) { - *out = create_client_error(this, in->get_identifier(in)); + *out = create_client_error(this); enumerator->destroy(enumerator); return NEED_MORE; } @@ -363,7 +367,7 @@ static status_t process_reauthentication(private_eap_aka_peer_t *this, if (!nonce.len || !counter.len) { DBG1(DBG_IKE, "EAP-AKA/Request/Reauthentication message incomplete"); - *out = create_client_error(this, in->get_identifier(in)); + *out = create_client_error(this); return NEED_MORE; } 
@@ -440,38 +444,38 @@ static status_t process_notification(private_eap_aka_peer_t *this, if (success) { /* empty notification reply */ - message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA, + message = simaka_message_create(FALSE, this->identifier, EAP_AKA, AKA_NOTIFICATION, this->crypto); *out = message->generate(message, chunk_empty); message->destroy(message); } else { - *out = create_client_error(this, in->get_identifier(in)); + *out = create_client_error(this); } return NEED_MORE; } -/** - * Implementation of eap_method_t.process - */ -static status_t process(private_eap_aka_peer_t *this, - eap_payload_t *in, eap_payload_t **out) +METHOD(eap_method_t, process, status_t, + private_eap_aka_peer_t *this, eap_payload_t *in, eap_payload_t **out) { simaka_message_t *message; status_t status; + /* store received EAP message identifier */ + this->identifier = in->get_identifier(in); + message = simaka_message_create_from_payload(in, this->crypto); if (!message) { - *out = create_client_error(this, in->get_identifier(in)); + *out = create_client_error(this); return NEED_MORE; } if (!message->parse(message)) { message->destroy(message); - *out = create_client_error(this, in->get_identifier(in)); + *out = create_client_error(this); return NEED_MORE; } switch (message->get_subtype(message)) @@ -491,7 +495,7 @@ static status_t process(private_eap_aka_peer_t *this, default: DBG1(DBG_IKE, "unable to process EAP-AKA subtype %N", simaka_subtype_names, message->get_subtype(message)); - *out = create_client_error(this, in->get_identifier(in)); + *out = create_client_error(this); status = NEED_MORE; break; } 
@@ -499,28 +503,22 @@ static status_t process(private_eap_aka_peer_t *this, return status; } -/** - * Implementation of eap_method_t.initiate - */ -static status_t initiate(private_eap_aka_peer_t *this, eap_payload_t **out) +METHOD(eap_method_t, initiate, status_t, + private_eap_aka_peer_t *this, eap_payload_t **out) { /* peer never initiates */ return FAILED; } -/** - * Implementation of eap_method_t.get_type. - */ -static eap_type_t get_type(private_eap_aka_peer_t *this, u_int32_t *vendor) +METHOD(eap_method_t, get_type, eap_type_t, + private_eap_aka_peer_t *this, u_int32_t *vendor) { *vendor = 0; return EAP_AKA; } -/** - * Implementation of eap_method_t.get_msk. - */ -static status_t get_msk(private_eap_aka_peer_t *this, chunk_t *msk) +METHOD(eap_method_t, get_msk, status_t, + private_eap_aka_peer_t *this, chunk_t *msk) { if (this->msk.ptr) { @@ -530,18 +528,26 @@ static status_t get_msk(private_eap_aka_peer_t *this, chunk_t *msk) return FAILED; } -/** - * Implementation of eap_method_t.is_mutual. - */ -static bool is_mutual(private_eap_aka_peer_t *this) +METHOD(eap_method_t, get_identifier, u_int8_t, + private_eap_aka_peer_t *this) +{ + return this->identifier; +} + +METHOD(eap_method_t, set_identifier, void, + private_eap_aka_peer_t *this, u_int8_t identifier) +{ + this->identifier = identifier; +} + +METHOD(eap_method_t, is_mutual, bool, + private_eap_aka_peer_t *this) { return TRUE; } -/** - * Implementation of eap_method_t.destroy. - */ -static void destroy(private_eap_aka_peer_t *this) +METHOD(eap_method_t, destroy, void, + private_eap_aka_peer_t *this) { this->crypto->destroy(this->crypto); this->permanent->destroy(this->permanent); 
@@ -557,25 +563,31 @@ static void destroy(private_eap_aka_peer_t *this) eap_aka_peer_t *eap_aka_peer_create(identification_t *server, identification_t *peer) { - private_eap_aka_peer_t *this = malloc_thing(private_eap_aka_peer_t); - - this->public.interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate; - this->public.interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process; - this->public.interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; - this->public.interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; - this->public.interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; - this->public.interface.destroy = (void(*)(eap_method_t*))destroy; + private_eap_aka_peer_t *this; + + INIT(this, + .public = { + .interface = { + .initiate = _initiate, + .process = _process, + .get_type = _get_type, + .is_mutual = _is_mutual, + .get_msk = _get_msk, + .get_identifier = _get_identifier, + .set_identifier = _set_identifier, + .destroy = _destroy, + }, + }, + .crypto = simaka_crypto_create(), + ); - this->crypto = simaka_crypto_create(); if (!this->crypto) { free(this); return NULL; } + this->permanent = peer->clone(peer); - this->pseudonym = NULL; - this->reauth = NULL; - this->msk = chunk_empty; return &this->public; } diff --git a/src/libcharon/plugins/eap_aka/eap_aka_plugin.c b/src/libcharon/plugins/eap_aka/eap_aka_plugin.c index f9283393a..394a14b59 100644 --- a/src/libcharon/plugins/eap_aka/eap_aka_plugin.c +++ b/src/libcharon/plugins/eap_aka/eap_aka_plugin.c @@ -20,10 +20,14 @@ #include <daemon.h> -/** - * Implementation of plugin_t.destroy - */ -static void destroy(eap_aka_plugin_t *this) +METHOD(plugin_t, get_name, char*, + eap_aka_plugin_t *this) +{ + return "eap-aka"; +} + +METHOD(plugin_t, destroy, void, + eap_aka_plugin_t *this) { charon->eap->remove_method(charon->eap, (eap_constructor_t)eap_aka_server_create); 
@@ -37,9 +41,15 @@ static void destroy(eap_aka_plugin_t *this) */ plugin_t *eap_aka_plugin_create() { - eap_aka_plugin_t *this = malloc_thing(eap_aka_plugin_t); - - this->plugin.destroy = (void(*)(plugin_t*))destroy; + eap_aka_plugin_t *this; + + INIT(this, + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + ); charon->eap->add_method(charon->eap, EAP_AKA, 0, EAP_SERVER, (eap_constructor_t)eap_aka_server_create); diff --git a/src/libcharon/plugins/eap_aka/eap_aka_server.c b/src/libcharon/plugins/eap_aka/eap_aka_server.c index 9baff3e23..bf0020ad8 100644 --- a/src/libcharon/plugins/eap_aka/eap_aka_server.c +++ b/src/libcharon/plugins/eap_aka/eap_aka_server.c @@ -57,7 +57,7 @@ struct private_eap_aka_server_t { identification_t *reauth; /** - * EAP identifier value + * EAP message identifier */ u_int8_t identifier; @@ -251,10 +251,8 @@ static status_t reauthenticate(private_eap_aka_server_t *this, return NEED_MORE; } -/** - * Implementation of eap_method_t.initiate - */ -static status_t initiate(private_eap_aka_server_t *this, eap_payload_t **out) +METHOD(eap_method_t, initiate, status_t, + private_eap_aka_server_t *this, eap_payload_t **out) { if (this->use_permanent || this->use_pseudonym || this->use_reauth) { @@ -560,11 +558,8 @@ static status_t process_authentication_reject(private_eap_aka_server_t *this, return FAILED; } -/** - * Implementation of eap_method_t.process - */ -static status_t process(private_eap_aka_server_t *this, - eap_payload_t *in, eap_payload_t **out) +METHOD(eap_method_t, process, status_t, + private_eap_aka_server_t *this, eap_payload_t *in, eap_payload_t **out) { simaka_message_t *message; status_t status; 
@@ -609,19 +604,15 @@ static status_t process(private_eap_aka_server_t *this, return status; } -/** - * Implementation of eap_method_t.get_type. - */ -static eap_type_t get_type(private_eap_aka_server_t *this, u_int32_t *vendor) +METHOD(eap_method_t, get_type, eap_type_t, + private_eap_aka_server_t *this, u_int32_t *vendor) { *vendor = 0; return EAP_AKA; } -/** - * Implementation of eap_method_t.get_msk. - */ -static status_t get_msk(private_eap_aka_server_t *this, chunk_t *msk) +METHOD(eap_method_t, get_msk, status_t, + private_eap_aka_server_t *this, chunk_t *msk) { if (this->msk.ptr) { @@ -631,18 +622,26 @@ static status_t get_msk(private_eap_aka_server_t *this, chunk_t *msk) return FAILED; } -/** - * Implementation of eap_method_t.is_mutual. - */ -static bool is_mutual(private_eap_aka_server_t *this) +METHOD(eap_method_t, get_identifier, u_int8_t, + private_eap_aka_server_t *this) +{ + return this->identifier; +} + +METHOD(eap_method_t, set_identifier, void, + private_eap_aka_server_t *this, u_int8_t identifier) +{ + this->identifier = identifier; +} + +METHOD(eap_method_t, is_mutual, bool, + private_eap_aka_server_t *this) { return TRUE; } -/** - * Implementation of eap_method_t.destroy. - */ -static void destroy(private_eap_aka_server_t *this) +METHOD(eap_method_t, destroy, void, + private_eap_aka_server_t *this) { this->crypto->destroy(this->crypto); this->permanent->destroy(this->permanent); 
@@ -662,34 +661,35 @@ static void destroy(private_eap_aka_server_t *this) eap_aka_server_t *eap_aka_server_create(identification_t *server, identification_t *peer) { - private_eap_aka_server_t *this = malloc_thing(private_eap_aka_server_t); - - this->public.interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate; - this->public.interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process; - this->public.interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; - this->public.interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; - this->public.interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; - this->public.interface.destroy = (void(*)(eap_method_t*))destroy; + private_eap_aka_server_t *this; + + INIT(this, + .public = { + .interface = { + .initiate = _initiate, + .process = _process, + .get_type = _get_type, + .is_mutual = _is_mutual, + .get_msk = _get_msk, + .get_identifier = _get_identifier, + .set_identifier = _set_identifier, + .destroy = _destroy, + }, + }, + .crypto = simaka_crypto_create(), + ); - this->crypto = simaka_crypto_create(); if (!this->crypto) { free(this); return NULL; } + this->permanent = peer->clone(peer); - this->pseudonym = NULL; - this->reauth = NULL; - this->xres = chunk_empty; - this->rand = chunk_empty; - this->nonce = chunk_empty; - this->msk = chunk_empty; - this->counter = chunk_empty; - this->pending = 0; - this->synchronized = FALSE; this->use_reauth = this->use_pseudonym = this->use_permanent = lib->settings->get_bool(lib->settings, "charon.plugins.eap-aka.request_identity", TRUE); + /* generate a non-zero identifier */ do { this->identifier = random(); diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in index 933bc8a5b..1fe86a2bb 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in 
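Review bot: eap_aka_server_create() no longer assigns pseudonym, reauth, xres, rand, nonce, msk, counter, pending and synchronized, so their initial values now depend on INIT zero-filling every member not named in the initializer list. INIT is defined outside this diff; if it does zero them, as the removal implies, a short comment after the INIT call would keep that dependency visible, for example `/* all members not listed above are zeroed by INIT */`. destroy() in this file presumably releases several of these members, so one left uninitialised would be freed as garbage. The function body continues past the end of the hunk.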
@@ -224,13 +224,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -251,6 +245,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -269,14 +265,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c index 626e83311..ef5f62e34 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c @@ -48,10 +48,14 @@ struct private_eap_aka_3gpp2_t { eap_aka_3gpp2_functions_t *functions; }; -/** - * Implementation of eap_aka_3gpp2_t.destroy. - */ -static void destroy(private_eap_aka_3gpp2_t *this) +METHOD(plugin_t, get_name, char*, + private_eap_aka_3gpp2_t *this) +{ + return "eap-aka-3gpp2"; +} + +METHOD(plugin_t, destroy, void, + private_eap_aka_3gpp2_t *this) { charon->sim->remove_card(charon->sim, &this->card->card); charon->sim->remove_provider(charon->sim, &this->provider->provider); 
@@ -66,11 +70,19 @@ static void destroy(private_eap_aka_3gpp2_t *this) */ plugin_t *eap_aka_3gpp2_plugin_create() { - private_eap_aka_3gpp2_t *this = malloc_thing(private_eap_aka_3gpp2_t); + private_eap_aka_3gpp2_t *this; - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + .functions = eap_aka_3gpp2_functions_create(), + ); - this->functions = eap_aka_3gpp2_functions_create(); if (!this->functions) { free(this); diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in index 1592ea208..4f555a982 100644 --- a/src/libcharon/plugins/eap_gtc/Makefile.in +++ b/src/libcharon/plugins/eap_gtc/Makefile.in @@ -221,13 +221,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -248,6 +242,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -266,14 +262,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ 
diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c index f641ad13a..c3ab07de0 100644 --- a/src/libcharon/plugins/eap_gtc/eap_gtc.c +++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c @@ -70,10 +70,8 @@ struct eap_gtc_header_t { u_int8_t data[]; } __attribute__((__packed__)); -/** - * Implementation of eap_method_t.initiate for the peer - */ -static status_t initiate_peer(private_eap_gtc_t *this, eap_payload_t **out) +METHOD(eap_method_t, initiate_peer, status_t, + private_eap_gtc_t *this, eap_payload_t **out) { /* peer never initiates */ return FAILED; @@ -136,10 +134,8 @@ static bool authenticate(char *service, char *user, char *password) return ret == PAM_SUCCESS; } -/** - * Implementation of eap_method_t.initiate for the server - */ -static status_t initiate_server(private_eap_gtc_t *this, eap_payload_t **out) +METHOD(eap_method_t, initiate_server, status_t, + private_eap_gtc_t *this, eap_payload_t **out) { eap_gtc_header_t *req; size_t len; @@ -157,11 +153,8 @@ static status_t initiate_server(private_eap_gtc_t *this, eap_payload_t **out) return NEED_MORE; } -/** - * Implementation of eap_method_t.process for the peer - */ -static status_t process_peer(private_eap_gtc_t *this, - eap_payload_t *in, eap_payload_t **out) +METHOD(eap_method_t, process_peer, status_t, + private_eap_gtc_t *this, eap_payload_t *in, eap_payload_t **out) { eap_gtc_header_t *res; shared_key_t *shared; @@ -181,10 +174,11 @@ static status_t process_peer(private_eap_gtc_t *this, /* TODO: According to the draft we should "SASLprep" password, RFC4013. */ + this->identifier = in->get_identifier(in); res = alloca(sizeof(eap_gtc_header_t) + len); res->length = htons(sizeof(eap_gtc_header_t) + len); res->code = EAP_RESPONSE; - res->identifier = in->get_identifier(in); + res->identifier = this->identifier; res->type = EAP_GTC; memcpy(res->data, key.ptr, len); 
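Review bot: In process_peer() the response size `sizeof(eap_gtc_header_t) + len` is passed to alloca() and htons() without an upper bound. len is set outside this hunk and, judging by the memcpy from key.ptr, is the length of the configured secret. A value above what the 16-bit length field can carry would leave that field truncated and inconsistent with the bytes built, and a very large one would overrun the stack. A guard before the alloca, `if (len > 0xffff - sizeof(eap_gtc_header_t))`, leading into the function's existing failure path, would bound both. eap_identity.c's process_peer() builds its response the same way from the peer identity (`hdr = alloca(len);`, `hdr->length = htons(len);`); both functions start and end outside their hunks.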
@@ -195,11 +189,8 @@ static status_t process_peer(private_eap_gtc_t *this, return NEED_MORE; } -/** - * Implementation of eap_method_t.process for the server - */ -static status_t process_server(private_eap_gtc_t *this, - eap_payload_t *in, eap_payload_t **out) +METHOD(eap_method_t, process_server, status_t, + private_eap_gtc_t *this, eap_payload_t *in, eap_payload_t **out) { chunk_t data, encoding; char *user, *password, *service, *pos; @@ -236,35 +227,39 @@ static status_t process_server(private_eap_gtc_t *this, return SUCCESS; } -/** - * Implementation of eap_method_t.get_type. - */ -static eap_type_t get_type(private_eap_gtc_t *this, u_int32_t *vendor) +METHOD(eap_method_t, get_type, eap_type_t, + private_eap_gtc_t *this, u_int32_t *vendor) { *vendor = 0; return EAP_GTC; } -/** - * Implementation of eap_method_t.get_msk. - */ -static status_t get_msk(private_eap_gtc_t *this, chunk_t *msk) +METHOD(eap_method_t, get_msk, status_t, + private_eap_gtc_t *this, chunk_t *msk) { return FAILED; } -/** - * Implementation of eap_method_t.is_mutual. - */ -static bool is_mutual(private_eap_gtc_t *this) +METHOD(eap_method_t, get_identifier, u_int8_t, + private_eap_gtc_t *this) +{ + return this->identifier; +} + +METHOD(eap_method_t, set_identifier, void, + private_eap_gtc_t *this, u_int8_t identifier) +{ + this->identifier = identifier; +} + +METHOD(eap_method_t, is_mutual, bool, + private_eap_gtc_t *this) { return FALSE; } -/** - * Implementation of eap_method_t.destroy. - */ -static void destroy(private_eap_gtc_t *this) +METHOD(eap_method_t, destroy, void, + private_eap_gtc_t *this) { this->peer->destroy(this->peer); this->server->destroy(this->server); 
@@ -277,19 +272,22 @@ static void destroy(private_eap_gtc_t *this) static private_eap_gtc_t *eap_gtc_create_generic(identification_t *server, identification_t *peer) { - private_eap_gtc_t *this = malloc_thing(private_eap_gtc_t); - - this->public.eap_method_interface.initiate = NULL; - this->public.eap_method_interface.process = NULL; - this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; - this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; - this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; - this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - - /* private data */ - this->peer = peer->clone(peer); - this->server = server->clone(server); - this->identifier = 0; + private_eap_gtc_t *this; + + INIT(this, + .public = { + .eap_method_interface = { + .get_type = _get_type, + .is_mutual = _is_mutual, + .get_msk = _get_msk, + .get_identifier = _get_identifier, + .set_identifier = _set_identifier, + .destroy = _destroy, + }, + }, + .peer = peer->clone(peer), + .server = server->clone(server), + ); return this; } @@ -301,8 +299,8 @@ eap_gtc_t *eap_gtc_create_server(identification_t *server, identification_t *pee { private_eap_gtc_t *this = eap_gtc_create_generic(server, peer); - this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_server; - this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_server; + this->public.eap_method_interface.initiate = _initiate_server; + this->public.eap_method_interface.process = _process_server; /* generate a non-zero identifier */ do { 
@@ -319,8 +317,8 @@ eap_gtc_t *eap_gtc_create_peer(identification_t *server, identification_t *peer) { private_eap_gtc_t *this = eap_gtc_create_generic(server, peer); - this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_peer; - this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_peer; + this->public.eap_method_interface.initiate = _initiate_peer; + this->public.eap_method_interface.process = _process_peer; return &this->public; } diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c index 91ba84b3d..c40ce60eb 100644 --- a/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c +++ b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c @@ -22,10 +22,14 @@ /* missing in cababilities.h */ #define CAP_AUDIT_WRITE 29 -/** - * Implementation of plugin_t.destroy - */ -static void destroy(eap_gtc_plugin_t *this) +METHOD(plugin_t, get_name, char*, + eap_gtc_plugin_t *this) +{ + return "eap-gtc"; +} + +METHOD(plugin_t, destroy, void, + eap_gtc_plugin_t *this) { charon->eap->remove_method(charon->eap, (eap_constructor_t)eap_gtc_create_server); @@ -39,9 +43,15 @@ static void destroy(eap_gtc_plugin_t *this) */ plugin_t *eap_gtc_plugin_create() { - eap_gtc_plugin_t *this = malloc_thing(eap_gtc_plugin_t); + eap_gtc_plugin_t *this; - this->plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + ); /* required for PAM authentication */ charon->keep_cap(charon, CAP_AUDIT_WRITE); diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in index cc51086e6..9dc4602ff 100644 --- a/src/libcharon/plugins/eap_identity/Makefile.in +++ b/src/libcharon/plugins/eap_identity/Makefile.in 
@@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/eap_identity/eap_identity.c b/src/libcharon/plugins/eap_identity/eap_identity.c index 03066b2f8..6ecde065c 100644 --- a/src/libcharon/plugins/eap_identity/eap_identity.c +++ b/src/libcharon/plugins/eap_identity/eap_identity.c @@ -39,6 +39,11 @@ struct private_eap_identity_t { * received identity chunk */ chunk_t identity; + + /** + * EAP identifier + */ + u_int8_t identifier; }; typedef struct eap_identity_header_t eap_identity_header_t; 
@@ -68,10 +73,13 @@ METHOD(eap_method_t, process_peer, status_t, id = this->peer->get_encoding(this->peer); len = sizeof(eap_identity_header_t) + id.len; - + if (in) + { + this->identifier = in->get_identifier(in); + } hdr = alloca(len); hdr->code = EAP_RESPONSE; - hdr->identifier = in ? in->get_identifier(in) : 0; + hdr->identifier = this->identifier; hdr->length = htons(len); hdr->type = EAP_IDENTITY; memcpy(hdr->data, id.ptr, id.len); @@ -106,7 +114,7 @@ METHOD(eap_method_t, initiate_server, status_t, eap_identity_header_t hdr; hdr.code = EAP_REQUEST; - hdr.identifier = 0; + hdr.identifier = this->identifier; hdr.length = htons(sizeof(eap_identity_header_t)); hdr.type = EAP_IDENTITY; @@ -133,6 +141,18 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } +METHOD(eap_method_t, get_identifier, u_int8_t, + private_eap_identity_t *this) +{ + return this->identifier; +} + +METHOD(eap_method_t, set_identifier, void, + private_eap_identity_t *this, u_int8_t identifier) +{ + this->identifier = identifier; +} + METHOD(eap_method_t, is_mutual, bool, private_eap_identity_t *this) { @@ -163,6 +183,8 @@ eap_identity_t *eap_identity_create_peer(identification_t *server, .get_type = _get_type, .is_mutual = _is_mutual, .get_msk = _get_msk, + .get_identifier = _get_identifier, + .set_identifier = _set_identifier, .destroy = _destroy, }, }, @@ -189,6 +211,8 @@ eap_identity_t *eap_identity_create_server(identification_t *server, .get_type = _get_type, .is_mutual = _is_mutual, .get_msk = _get_msk, + .get_identifier = _get_identifier, + .set_identifier = _set_identifier, .destroy = _destroy, }, }, diff --git a/src/libcharon/plugins/eap_identity/eap_identity_plugin.c b/src/libcharon/plugins/eap_identity/eap_identity_plugin.c index 079c27909..3297416b2 100644 --- a/src/libcharon/plugins/eap_identity/eap_identity_plugin.c +++ b/src/libcharon/plugins/eap_identity/eap_identity_plugin.c 
@@ -18,6 +18,12 @@ #include <daemon.h> +METHOD(plugin_t, get_name, char*, + eap_identity_plugin_t *this) +{ + return "eap-identity"; +} + METHOD(plugin_t, destroy, void, eap_identity_plugin_t *this) { @@ -37,6 +43,8 @@ plugin_t *eap_identity_plugin_create() INIT(this, .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, ); diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in index e2c3b5c1f..e828fbc3e 100644 --- a/src/libcharon/plugins/eap_md5/Makefile.in +++ b/src/libcharon/plugins/eap_md5/Makefile.in @@ -221,13 +221,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -248,6 +242,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -266,14 +262,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/eap_md5/eap_md5.c b/src/libcharon/plugins/eap_md5/eap_md5.c index f70754abb..b0a234527 100644 --- a/src/libcharon/plugins/eap_md5/eap_md5.c +++ b/src/libcharon/plugins/eap_md5/eap_md5.c 
@@ -147,12 +147,12 @@ METHOD(eap_method_t, process_peer, status_t, this->identifier = in->get_identifier(in); data = in->get_data(in); - this->challenge = chunk_clone(chunk_skip(data, 6)); - if (data.len < 6 || this->challenge.len < *(data.ptr + 5)) + if (data.len < 6 || data.ptr[5] + 6 > data.len) { DBG1(DBG_IKE, "received invalid EAP-MD5 message"); return FAILED; } + this->challenge = chunk_clone(chunk_create(data.ptr + 6, data.ptr[5])); if (hash_challenge(this, &response, this->peer, this->server) != SUCCESS) { return FAILED; @@ -176,7 +176,9 @@ METHOD(eap_method_t, process_server, status_t, chunk_t response, expected; chunk_t data; - if (this->identifier != in->get_identifier(in)) + data = in->get_data(in); + if (this->identifier != in->get_identifier(in) || + data.len < 6 || data.ptr[5] + 6 > data.len) { DBG1(DBG_IKE, "received invalid EAP-MD5 message"); return FAILED; @@ -185,9 +187,7 @@ METHOD(eap_method_t, process_server, status_t, { return FAILED; } - data = in->get_data(in); - response = chunk_skip(data, 6); - + response = chunk_create(data.ptr + 6, data.ptr[5]); if (response.len < expected.len || !memeq(response.ptr, expected.ptr, expected.len)) { @@ -218,6 +218,18 @@ METHOD(eap_method_t, is_mutual, bool, return FALSE; } +METHOD(eap_method_t, get_identifier, u_int8_t, + private_eap_md5_t *this) +{ + return this->identifier; +} + +METHOD(eap_method_t, set_identifier, void, + private_eap_md5_t *this, u_int8_t identifier) +{ + this->identifier = identifier; +} + METHOD(eap_method_t, destroy, void, private_eap_md5_t *this) { @@ -242,6 +254,8 @@ eap_md5_t *eap_md5_create_server(identification_t *server, identification_t *pee .get_type = _get_type, .is_mutual = _is_mutual, .get_msk = _get_msk, + .get_identifier = _get_identifier, + .set_identifier = _set_identifier, .destroy = _destroy, }, }, diff --git a/src/libcharon/plugins/eap_md5/eap_md5_plugin.c b/src/libcharon/plugins/eap_md5/eap_md5_plugin.c index 39a6f5731..fe5ae51bf 100644 
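Review bot: process_peer() now clones the challenge only after the length check, but it still overwrites `this->challenge` without releasing a previous value. If the other side can send more than one MD5 challenge to the same method instance (the hunk does not show whether it can), each request leaves the earlier clone allocated. Adding `chunk_free(&this->challenge);` directly before the chunk_clone line would make repeated challenges safe. The function starts and ends outside the hunk.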
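Review bot: The response check in process_server() accepts any response at least as long as the expected hash, so a longer Value field with a matching prefix passes. It also compares with memeq(), whose definition is not in this diff; if that stops at the first differing byte, the time taken depends on how many leading bytes were correct. Now that `response` is cut to the declared Value-Size, an exact length test fits, `if (response.len != expected.len ||`, paired with a comparison whose duration does not depend on the data. process_server() begins and ends outside these hunks.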
--- a/src/libcharon/plugins/eap_md5/eap_md5_plugin.c +++ b/src/libcharon/plugins/eap_md5/eap_md5_plugin.c @@ -18,6 +18,12 @@ #include <daemon.h> +METHOD(plugin_t, get_name, char*, + eap_md5_plugin_t *this) +{ + return "eap-md5"; +} + METHOD(plugin_t, destroy, void, eap_md5_plugin_t *this) { @@ -37,6 +43,8 @@ plugin_t *eap_md5_plugin_create() INIT(this, .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, ); diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in index 669be68e8..4986fdce3 100644 --- a/src/libcharon/plugins/eap_mschapv2/Makefile.in +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c index 4f39c8608..1dd94f6fb 100644 --- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c 
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c @@ -560,19 +560,15 @@ static void set_ms_length(eap_mschapv2_header_t *eap, u_int16_t len) memcpy(&eap->ms_length, &len, sizeof(u_int16_t)); } -/** - * Implementation of eap_method_t.initiate for the peer - */ -static status_t initiate_peer(private_eap_mschapv2_t *this, eap_payload_t **out) +METHOD(eap_method_t, initiate_peer, status_t, + private_eap_mschapv2_t *this, eap_payload_t **out) { /* peer never initiates */ return FAILED; } -/** - * Implementation of eap_method_t.initiate for the server - */ -static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **out) +METHOD(eap_method_t, initiate_server, status_t, + private_eap_mschapv2_t *this, eap_payload_t **out) { rng_t *rng; eap_mschapv2_header_t *eap; @@ -904,11 +900,8 @@ error: return status; } -/** - * Implementation of eap_method_t.process for the peer - */ -static status_t process_peer(private_eap_mschapv2_t *this, eap_payload_t *in, - eap_payload_t **out) +METHOD(eap_method_t, process_peer, status_t, + private_eap_mschapv2_t *this, eap_payload_t *in, eap_payload_t **out) { chunk_t data; eap_mschapv2_header_t *eap; @@ -1091,11 +1084,8 @@ static status_t process_server_response(private_eap_mschapv2_t *this, return process_server_retry(this, out); } -/** - * Implementation of eap_method_t.process for the server - */ -static status_t process_server(private_eap_mschapv2_t *this, eap_payload_t *in, - eap_payload_t **out) +METHOD(eap_method_t, process_server, status_t, + private_eap_mschapv2_t *this, eap_payload_t *in, eap_payload_t **out) { eap_mschapv2_header_t *eap; chunk_t data; 
@@ -1140,19 +1130,15 @@ static status_t process_server(private_eap_mschapv2_t *this, eap_payload_t *in, return FAILED; } -/** - * Implementation of eap_method_t.get_type. - */ -static eap_type_t get_type(private_eap_mschapv2_t *this, u_int32_t *vendor) +METHOD(eap_method_t, get_type, eap_type_t, + private_eap_mschapv2_t *this, u_int32_t *vendor) { *vendor = 0; return EAP_MSCHAPV2; } -/** - * Implementation of eap_method_t.get_msk. - */ -static status_t get_msk(private_eap_mschapv2_t *this, chunk_t *msk) +METHOD(eap_method_t, get_msk, status_t, + private_eap_mschapv2_t *this, chunk_t *msk) { if (this->msk.ptr) { @@ -1162,18 +1148,26 @@ static status_t get_msk(private_eap_mschapv2_t *this, chunk_t *msk) return FAILED; } -/** - * Implementation of eap_method_t.is_mutual. - */ -static bool is_mutual(private_eap_mschapv2_t *this) +METHOD(eap_method_t, get_identifier, u_int8_t, + private_eap_mschapv2_t *this) +{ + return this->identifier; +} + +METHOD(eap_method_t, set_identifier, void, + private_eap_mschapv2_t *this, u_int8_t identifier) +{ + this->identifier = identifier; +} + +METHOD(eap_method_t, is_mutual, bool, + private_eap_mschapv2_t *this) { return FALSE; } -/** - * Implementation of eap_method_t.destroy. - */ -static void destroy(private_eap_mschapv2_t *this) +METHOD(eap_method_t, destroy, void, + private_eap_mschapv2_t *this) { this->peer->destroy(this->peer); this->server->destroy(this->server); 
@@ -1189,25 +1183,22 @@ static void destroy(private_eap_mschapv2_t *this) */ static private_eap_mschapv2_t *eap_mschapv2_create_generic(identification_t *server, identification_t *peer) { - private_eap_mschapv2_t *this = malloc_thing(private_eap_mschapv2_t); - - this->public.eap_method_interface.initiate = NULL; - this->public.eap_method_interface.process = NULL; - this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; - this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; - this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; - this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - - /* private data */ - this->peer = peer->clone(peer); - this->server = server->clone(server); - this->challenge = chunk_empty; - this->nt_response = chunk_empty; - this->auth_response = chunk_empty; - this->msk = chunk_empty; - this->identifier = 0; - this->mschapv2id = 0; - this->retries = 0; + private_eap_mschapv2_t *this; + + INIT(this, + .public = { + .eap_method_interface = { + .get_type = _get_type, + .is_mutual = _is_mutual, + .get_msk = _get_msk, + .get_identifier = _get_identifier, + .set_identifier = _set_identifier, + .destroy = _destroy, + }, + }, + .peer = peer->clone(peer), + .server = server->clone(server), + ); return this; } @@ -1219,8 +1210,8 @@ eap_mschapv2_t *eap_mschapv2_create_server(identification_t *server, identificat { private_eap_mschapv2_t *this = eap_mschapv2_create_generic(server, peer); - this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_server; - this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*, eap_payload_t**))process_server; + this->public.eap_method_interface.initiate = _initiate_server; + this->public.eap_method_interface.process = _process_server; /* generate a non-zero identifier */ do 
@@ -1240,8 +1231,8 @@ eap_mschapv2_t *eap_mschapv2_create_peer(identification_t *server, identificatio { private_eap_mschapv2_t *this = eap_mschapv2_create_generic(server, peer); - this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_peer; - this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*, eap_payload_t**))process_peer; + this->public.eap_method_interface.initiate = _initiate_peer; + this->public.eap_method_interface.process = _process_peer; return &this->public; } diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c index a7b41ddbf..e809b14b6 100644 --- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c +++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c @@ -19,10 +19,14 @@ #include <daemon.h> -/** - * Implementation of plugin_t.destroy - */ -static void destroy(eap_mschapv2_plugin_t *this) +METHOD(plugin_t, get_name, char*, + eap_mschapv2_plugin_t *this) +{ + return "eap-mschapv2"; +} + +METHOD(plugin_t, destroy, void, + eap_mschapv2_plugin_t *this) { charon->eap->remove_method(charon->eap, (eap_constructor_t)eap_mschapv2_create_server); @@ -36,9 +40,15 @@ static void destroy(eap_mschapv2_plugin_t *this) */ plugin_t *eap_mschapv2_plugin_create() { - eap_mschapv2_plugin_t *this = malloc_thing(eap_mschapv2_plugin_t); - - this->plugin.destroy = (void(*)(plugin_t*))destroy; + eap_mschapv2_plugin_t *this; + + INIT(this, + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + ); charon->eap->add_method(charon->eap, EAP_MSCHAPV2, 0, EAP_SERVER, (eap_constructor_t)eap_mschapv2_create_server); diff --git a/src/libcharon/plugins/eap_peap/Makefile.am b/src/libcharon/plugins/eap_peap/Makefile.am new file mode 100644 index 000000000..81f2575c7 --- /dev/null +++ b/src/libcharon/plugins/eap_peap/Makefile.am 
@@ -0,0 +1,21 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-eap-peap.la +else +plugin_LTLIBRARIES = libstrongswan-eap-peap.la +libstrongswan_eap_peap_la_LIBADD = $(top_builddir)/src/libtls/libtls.la +endif + +libstrongswan_eap_peap_la_SOURCES = \ + eap_peap_plugin.h eap_peap_plugin.c \ + eap_peap.h eap_peap.c \ + eap_peap_peer.h eap_peap_peer.c \ + eap_peap_server.h eap_peap_server.c \ + eap_peap_avp.h eap_peap_avp.c + +libstrongswan_eap_peap_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in new file mode 100644 index 000000000..0ed4a3dcf --- /dev/null +++ b/src/libcharon/plugins/eap_peap/Makefile.in 
@@ -0,0 +1,617 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/eap_peap +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = 
srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +@MONOLITHIC_FALSE@libstrongswan_eap_peap_la_DEPENDENCIES = \ +@MONOLITHIC_FALSE@ $(top_builddir)/src/libtls/libtls.la +am_libstrongswan_eap_peap_la_OBJECTS = eap_peap_plugin.lo eap_peap.lo \ + eap_peap_peer.lo eap_peap_server.lo eap_peap_avp.lo +libstrongswan_eap_peap_la_OBJECTS = \ + $(am_libstrongswan_eap_peap_la_OBJECTS) +libstrongswan_eap_peap_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_eap_peap_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_eap_peap_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_eap_peap_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) 
$(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_eap_peap_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eap_peap_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ 
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ 
+pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls + +AM_CFLAGS = -rdynamic +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-peap.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-peap.la +@MONOLITHIC_FALSE@libstrongswan_eap_peap_la_LIBADD = $(top_builddir)/src/libtls/libtls.la +libstrongswan_eap_peap_la_SOURCES = \ + eap_peap_plugin.h eap_peap_plugin.c \ + eap_peap.h eap_peap.c \ + eap_peap_peer.h eap_peap_peer.c \ + eap_peap_server.h eap_peap_server.c \ + eap_peap_avp.h eap_peap_avp.c + +libstrongswan_eap_peap_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_peap/Makefile'; \ 
+ $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/eap_peap/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) 
$(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-eap-peap.la: $(libstrongswan_eap_peap_la_OBJECTS) $(libstrongswan_eap_peap_la_DEPENDENCIES) + $(libstrongswan_eap_peap_la_LINK) $(am_libstrongswan_eap_peap_la_rpath) $(libstrongswan_eap_peap_la_OBJECTS) $(libstrongswan_eap_peap_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_peap.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_peap_avp.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_peap_peer.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_peap_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_peap_server.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ 
$(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) 
$(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. 
+# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/eap_peap/eap_peap.c b/src/libcharon/plugins/eap_peap/eap_peap.c new file mode 100644 index 000000000..5bae0fa9b --- /dev/null +++ b/src/libcharon/plugins/eap_peap/eap_peap.c 
@@ -0,0 +1,213 @@ +/* + * Copyright (C) 2010 Martin Willi, revosec AG + * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_peap.h" +#include "eap_peap_peer.h" +#include "eap_peap_server.h" + +#include <tls_eap.h> + +#include <daemon.h> +#include <library.h> + +typedef struct private_eap_peap_t private_eap_peap_t; + +/** + * Private data of an eap_peap_t object. + */ +struct private_eap_peap_t { + + /** + * Public interface. 
+ */ + eap_peap_t public; + + /** + * TLS stack, wrapped by EAP helper + */ + tls_eap_t *tls_eap; +}; + +/** Maximum number of EAP-PEAP messages/fragments allowed */ +#define MAX_MESSAGE_COUNT 32 +/** Default size of a EAP-PEAP fragment */ +#define MAX_FRAGMENT_LEN 1024 + +METHOD(eap_method_t, initiate, status_t, + private_eap_peap_t *this, eap_payload_t **out) +{ + chunk_t data; + + if (this->tls_eap->initiate(this->tls_eap, &data) == NEED_MORE) + { + *out = eap_payload_create_data(data); + free(data.ptr); + return NEED_MORE; + } + return FAILED; +} + +METHOD(eap_method_t, process, status_t, + private_eap_peap_t *this, eap_payload_t *in, eap_payload_t **out) +{ + status_t status; + chunk_t data; + + data = in->get_data(in); + status = this->tls_eap->process(this->tls_eap, data, &data); + if (status == NEED_MORE) + { + *out = eap_payload_create_data(data); + free(data.ptr); + } + return status; +} + +METHOD(eap_method_t, get_type, eap_type_t, + private_eap_peap_t *this, u_int32_t *vendor) +{ + *vendor = 0; + return EAP_PEAP; +} + +METHOD(eap_method_t, get_msk, status_t, + private_eap_peap_t *this, chunk_t *msk) +{ + *msk = this->tls_eap->get_msk(this->tls_eap); + if (msk->len) + { + return SUCCESS; + } + return FAILED; +} + +METHOD(eap_method_t, get_identifier, u_int8_t, + private_eap_peap_t *this) +{ + return this->tls_eap->get_identifier(this->tls_eap); +} + +METHOD(eap_method_t, set_identifier, void, + private_eap_peap_t *this, u_int8_t identifier) +{ + this->tls_eap->set_identifier(this->tls_eap, identifier); +} + +METHOD(eap_method_t, is_mutual, bool, + private_eap_peap_t *this) +{ + return TRUE; +} + +METHOD(eap_method_t, destroy, void, + private_eap_peap_t *this) +{ + this->tls_eap->destroy(this->tls_eap); + free(this); +} + +/** + * Create an empty private eap_peap_t object + */ +static private_eap_peap_t *eap_peap_create_empty(void) +{ + private_eap_peap_t *this; + + INIT(this, + .public = { + .eap_method = { + .initiate = _initiate, + .process = _process, 
+ .get_type = _get_type, + .is_mutual = _is_mutual, + .get_msk = _get_msk, + .get_identifier = _get_identifier, + .set_identifier = _set_identifier, + .destroy = _destroy, + }, + }, + ); + return this; +} + +/** + * Generic private constructor + */ +static eap_peap_t *eap_peap_create(private_eap_peap_t * this, + identification_t *server, + identification_t *peer, bool is_server, + tls_application_t *application) +{ + size_t frag_size; + int max_msg_count; + bool include_length; + tls_t *tls; + + if (is_server && !lib->settings->get_bool(lib->settings, + "charon.plugins.eap-peap.request_peer_auth", FALSE)) + { + peer = NULL; + } + frag_size = lib->settings->get_int(lib->settings, + "charon.plugins.eap-peap.fragment_size", MAX_FRAGMENT_LEN); + max_msg_count = lib->settings->get_int(lib->settings, + "charon.plugins.eap-peap.max_message_count", MAX_MESSAGE_COUNT); + include_length = lib->settings->get_bool(lib->settings, + "charon.plugins.eap-peap.include_length", FALSE); + tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_PEAP, application); + this->tls_eap = tls_eap_create(EAP_PEAP, tls, frag_size, max_msg_count, + include_length); + if (!this->tls_eap) + { + application->destroy(application); + free(this); + return NULL; + } + return &this->public; +} + +eap_peap_t *eap_peap_create_server(identification_t *server, + identification_t *peer) +{ + private_eap_peap_t *eap_peap; + eap_method_t *eap_method; + eap_peap_server_t *eap_peap_server; + tls_application_t *application; + + /* the tunneled application needs a reference to the outer EAP-PEAP method */ + eap_peap = eap_peap_create_empty(); + eap_method = &eap_peap->public.eap_method; + eap_peap_server = eap_peap_server_create(server, peer, eap_method); + application = &eap_peap_server->application; + + return eap_peap_create(eap_peap, server, peer, TRUE, application); +} + +eap_peap_t *eap_peap_create_peer(identification_t *server, + identification_t *peer) +{ + private_eap_peap_t *eap_peap; + eap_method_t 
*eap_method; + eap_peap_peer_t *eap_peap_peer; + tls_application_t *application; + + /* the tunneled application needs a reference to the outer EAP-PEAP method */ + eap_peap = eap_peap_create_empty(); + eap_method = &eap_peap->public.eap_method; + eap_peap_peer = eap_peap_peer_create(server, peer, eap_method); + application = &eap_peap_peer->application; + + return eap_peap_create(eap_peap, server, peer, FALSE, application); +} diff --git a/src/libcharon/plugins/eap_peap/eap_peap.h b/src/libcharon/plugins/eap_peap/eap_peap.h new file mode 100644 index 000000000..f47bad561 --- /dev/null +++ b/src/libcharon/plugins/eap_peap/eap_peap.h 
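Review bot: In `eap_peap_create`, the values read from `charon.plugins.eap-peap.fragment_size` and `charon.plugins.eap-peap.max_message_count` are passed to `tls_eap_create` without any range check. `frag_size` is a `size_t`, so a negative configured value (assuming `get_int` returns a signed int, as the `int max_msg_count` assignment suggests) turns into a very large fragment length. `max_message_count` bounds how many messages a remote party can make the method process, so the treatment of zero or negative values, which happens in `tls_eap_create` and is not shown here, should be defined and documented. I would read the fragment size into an `int n` first and fall back to the default: `frag_size = (n > 0) ? n : MAX_FRAGMENT_LEN;`.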
@@ -0,0 +1,59 @@ +/* + * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_peap_i eap_peap + * @{ @ingroup eap_peap + */ + +#ifndef EAP_PEAP_H_ +#define EAP_PEAP_H_ + +typedef struct eap_peap_t eap_peap_t; + +#include <sa/authenticators/eap/eap_method.h> + +/** + * Implementation of eap_method_t using EAP-PEAP. + */ +struct eap_peap_t { + + /** + * Implements eap_method_t interface. + */ + eap_method_t eap_method; +}; + +/** + * Creates the EAP method EAP-PEAP acting as server. + * + * @param server ID of the EAP server + * @param peer ID of the EAP client + * @return eap_peap_t object + */ +eap_peap_t *eap_peap_create_server(identification_t *server, + identification_t *peer); + +/** + * Creates the EAP method EAP-PEAP acting as peer. + * + * @param server ID of the EAP server + * @param peer ID of the EAP client + * @return eap_peap_t object + */ +eap_peap_t *eap_peap_create_peer(identification_t *server, + identification_t *peer); + +#endif /** EAP_PEAP_H_ @}*/ diff --git a/src/libcharon/plugins/eap_peap/eap_peap_avp.c b/src/libcharon/plugins/eap_peap/eap_peap_avp.c new file mode 100644 index 000000000..06e5222d9 --- /dev/null +++ b/src/libcharon/plugins/eap_peap/eap_peap_avp.c 
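Review bot: The `@return` lines of `eap_peap_create_server` and `eap_peap_create_peer` say only `eap_peap_t object`, but the shared constructor `eap_peap_create` in eap_peap.c frees the object and returns NULL when `tls_eap_create` fails. Callers that register or invoke the method need to know about the NULL case, so I would document it on both declarations: `@return eap_peap_t object, NULL on failure`.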
@@ -0,0 +1,152 @@ +/* + * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_peap_avp.h" + +#include <eap/eap.h> +#include <debug.h> + +/** + * Microsoft Success and Failure Result AVPs + */ +static const chunk_t MS_AVP_Success = chunk_from_chars( + 0x80, 0x03, 0x00, 0x02, 0x00, 0x01); +static const chunk_t MS_AVP_Failure = chunk_from_chars( + 0x80, 0x03, 0x00, 0x02, 0x00, 0x02); + +typedef struct private_eap_peap_avp_t private_eap_peap_avp_t; + +/** + * Private data of an eap_peap_avp_t object. + */ +struct private_eap_peap_avp_t { + + /** + * Public eap_peap_avp_t interface. + */ + eap_peap_avp_t public; + + /** + * EAP server or peer + */ + bool is_server; +}; + +METHOD(eap_peap_avp_t, build, void, + private_eap_peap_avp_t *this, tls_writer_t *writer, chunk_t data) +{ + u_int8_t code; + eap_packet_t *pkt; + chunk_t avp_data; + + pkt = (eap_packet_t*)data.ptr; + + if (pkt->code == EAP_SUCCESS || pkt->code == EAP_FAILURE) + { + code = (this->is_server) ? EAP_REQUEST : EAP_RESPONSE; + writer->write_uint8(writer, code); + writer->write_uint8(writer, pkt->identifier); + writer->write_uint16(writer, 11); + writer->write_uint8(writer, EAP_MSTLV); + avp_data = (pkt->code == EAP_SUCCESS) ? 
MS_AVP_Success : MS_AVP_Failure; + } + else + { + avp_data = chunk_skip(data, 4); + } + writer->write_data(writer, avp_data); +} + +METHOD(eap_peap_avp_t, process, status_t, + private_eap_peap_avp_t* this, tls_reader_t *reader, chunk_t *data, + u_int8_t identifier) +{ + u_int8_t code; + u_int16_t len; + eap_packet_t *pkt; + chunk_t avp_data; + + code = (this->is_server) ? EAP_RESPONSE : EAP_REQUEST; + len = reader->remaining(reader); + if (!reader->read_data(reader, len, &avp_data)) + { + return FAILED; + } + pkt = (eap_packet_t*)avp_data.ptr; + + if (len > 4 && pkt->code == code && untoh16(&pkt->length) == len) + { + if (len == 5 && pkt->type == EAP_IDENTITY) + { + DBG2(DBG_IKE, "uncompressed EAP Identity request"); + *data = chunk_clone(avp_data); + return SUCCESS; + } + else if (len == 11 && pkt->type == EAP_MSTLV) + { + if (memeq(&pkt->data, MS_AVP_Success.ptr, MS_AVP_Success.len)) + { + DBG2(DBG_IKE, "MS Success Result AVP"); + code = EAP_SUCCESS; + } + else if (memeq(&pkt->data, MS_AVP_Failure.ptr, MS_AVP_Failure.len)) + { + DBG2(DBG_IKE, "MS Failure Result AVP"); + code = EAP_FAILURE; + } + else + { + DBG1(DBG_IKE, "unknown MS AVP message"); + return FAILED; + } + identifier = pkt->identifier; + len = 0; + } + } + + *data = chunk_alloc(4 + len); + pkt = (eap_packet_t*)data->ptr; + pkt->code = code; + pkt->identifier = identifier; + htoun16(&pkt->length, data->len); + memcpy(data->ptr + 4, avp_data.ptr, len); + + return SUCCESS; +} + +METHOD(eap_peap_avp_t, destroy, void, + private_eap_peap_avp_t *this) +{ + free(this); +} + +/** + * See header + */ +eap_peap_avp_t *eap_peap_avp_create(bool is_server) +{ + private_eap_peap_avp_t *this; + + INIT(this, + .public= { + .process = _process, + .build = _build, + .destroy = _destroy, + }, + .is_server = is_server, + ); + + return &this->public; +} diff --git a/src/libcharon/plugins/eap_peap/eap_peap_avp.h b/src/libcharon/plugins/eap_peap/eap_peap_avp.h new file mode 100644 index 000000000..db22f0f8f --- /dev/null 
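Review bot: In `process`, `len` is a `u_int16_t` assigned from `reader->remaining(reader)` and then used in `chunk_alloc(4 + len)` and `htoun16(&pkt->length, data->len)`, so for a tunnelled payload longer than 65531 bytes the rebuilt EAP header's 16-bit length field no longer matches the buffer. If `remaining()` returns a wider type (its declaration is not visible here), the count is also truncated before `read_data`. This input comes from the remote end of the TLS tunnel, so I would reject oversized data before assigning `len`: `if (reader->remaining(reader) > 0xFFFF - 4) return FAILED;`. `build` has a related gap: it casts `data.ptr` to `eap_packet_t*` and reads `pkt->code` without first checking that `data.len` covers the 4-byte header.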
+++ b/src/libcharon/plugins/eap_peap/eap_peap_avp.h 
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup eap_peap_avp eap_peap_avp
+ * @{ @ingroup eap_peap
+ */
+
+#ifndef EAP_PEAP_AVP_H_
+#define EAP_PEAP_AVP_H_
+
+typedef struct eap_peap_avp_t eap_peap_avp_t;
+
+#include <library.h>
+
+#include <tls_reader.h>
+#include <tls_writer.h>
+
+/**
+ * EAP-PEAP Attribute-Value Pair (AVP) handler.
+ */
+struct eap_peap_avp_t {
+
+ /**
+ * Process received EAP-PEAP Message AVP.
+ *
+ * @param reader TLS data buffer
+ * @param data received EAP Message
+ * @param identifier EAP-PEAP message identifier
+ * @return
+ * - SUCCESS if AVP processing succeeded
+ * - FAILED if AVP processing failed
+ * - NEED_MORE if another invocation of process/build needed
+ */
+ status_t (*process)(eap_peap_avp_t *this, tls_reader_t *reader,
+ chunk_t *data, u_int8_t identifier);
+
+ /**
+ * Build EAP-PEAP Message AVP to send out.
+ *
+ * @param writer TLS data buffer to write to
+ * @param data EAP Message to send
+ */
+ void (*build)(eap_peap_avp_t *this, tls_writer_t *writer, chunk_t data);
+
+ /**
+ * Destroy a eap_peap_application_t.
+ */
+ void (*destroy)(eap_peap_avp_t *this);
+};
+
+/**
+ * Create an eap_peap_avp instance.
+ *
+ * @param is_server TRUE iv eap server, FALSE if eap peer
+ */
+eap_peap_avp_t *eap_peap_avp_create(bool is_server);
+
+#endif /** EAP_PEAP_AVP_H_ @}*/
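Review bot: The comment on `process` does not say that `data` is an output buffer allocated by the callee, although the implementation in eap_peap_avp.c fills it with `chunk_clone`/`chunk_alloc` and both callers in this commit release it with `chunk_free(&data)`. State the ownership in the parameter line, e.g. `@param data  allocated EAP message, to be freed by the caller`. The return list also names NEED_MORE, which the implementation shown in this commit never returns, so either drop it or say when it is expected. Two wording slips are worth fixing at the same time: `Destroy a eap_peap_application_t.` names the wrong type, and `TRUE iv eap server` should read `TRUE if EAP server, FALSE if EAP peer`.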
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_peer.c b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
new file mode 100644
index 000000000..ca2af4fee
--- /dev/null
+++ b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
@@ -0,0 +1,256 @@ +/* + * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_peap_peer.h" +#include "eap_peap_avp.h" + +#include <debug.h> +#include <daemon.h> + +typedef struct private_eap_peap_peer_t private_eap_peap_peer_t; + +/** + * Private data of an eap_peap_peer_t object. + */ +struct private_eap_peap_peer_t { + + /** + * Public eap_peap_peer_t interface. + */ + eap_peap_peer_t public; + + /** + * Server identity + */ + identification_t *server; + + /** + * Peer identity + */ + identification_t *peer; + + /** + * Outer phase 1 EAP method + */ + eap_method_t *ph1_method; + + /** + * Current phase 2 EAP method + */ + eap_method_t *ph2_method; + + /** + * Pending outbound EAP message + */ + eap_payload_t *out; + + /** + * AVP handler + */ + eap_peap_avp_t *avp; +}; + +METHOD(tls_application_t, process, status_t, + private_eap_peap_peer_t *this, tls_reader_t *reader) +{ + chunk_t data = chunk_empty; + status_t status; + payload_t *payload; + eap_payload_t *in; + eap_code_t code; + eap_type_t type, received_type; + u_int32_t vendor, received_vendor; + + status = this->avp->process(this->avp, reader, &data, + this->ph1_method->get_identifier(this->ph1_method)); + switch (status) + { + case SUCCESS: + break; + case NEED_MORE: + return NEED_MORE; + case FAILED: + default: + return FAILED; + } + + in = eap_payload_create_data(data); + DBG3(DBG_IKE, "%B", 
&data); + chunk_free(&data); + payload = (payload_t*)in; + + if (payload->verify(payload) != SUCCESS) + { + in->destroy(in); + return FAILED; + } + + code = in->get_code(in); + if (code == EAP_REQUEST || code == EAP_RESPONSE) + { + received_type = in->get_type(in, &received_vendor); + DBG1(DBG_IKE, "received tunneled EAP-PEAP AVP [EAP/%N/%N]", + eap_code_short_names, code, + eap_type_short_names, received_type); + if (code != EAP_REQUEST) + { + DBG1(DBG_IKE, "%N expected", eap_code_names, EAP_REQUEST); + in->destroy(in); + return FAILED; + } + } + else + { + DBG1(DBG_IKE, "received tunneled EAP-PEAP AVP [EAP/%N]", + eap_code_short_names, code); + this->out = eap_payload_create_code(code, in->get_identifier(in)); + in->destroy(in); + return NEED_MORE; + } + + /* yet another phase2 authentication? */ + if (this->ph2_method) + { + type = this->ph2_method->get_type(this->ph2_method, &vendor); + + if (type != received_type || vendor != received_vendor) + { + this->ph2_method->destroy(this->ph2_method); + this->ph2_method = NULL; + } + } + + if (this->ph2_method == NULL) + { + if (received_vendor) + { + DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%d " + "(id 0x%02X", received_type, received_vendor, + in->get_identifier(in)); + } + else + { + DBG1(DBG_IKE, "server requested %N authentication (id 0x%02X)", + eap_type_names, received_type, in->get_identifier(in)); + } + this->ph2_method = charon->eap->create_instance(charon->eap, + received_type, received_vendor, + EAP_PEER, this->server, this->peer); + if (!this->ph2_method) + { + DBG1(DBG_IKE, "EAP method not supported"); + this->out = eap_payload_create_nak(in->get_identifier(in)); + in->destroy(in); + return NEED_MORE; + } + type = this->ph2_method->get_type(this->ph2_method, &vendor); + } + + status = this->ph2_method->process(this->ph2_method, in, &this->out); + in->destroy(in); + + switch (status) + { + case SUCCESS: + this->ph2_method->destroy(this->ph2_method); + this->ph2_method = NULL; + /* fall 
through to NEED_MORE */ + case NEED_MORE: + return NEED_MORE; + case FAILED: + default: + if (vendor) + { + DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed", + type, vendor); + } + else + { + DBG1(DBG_IKE, "%N method failed", eap_type_names, type); + } + return FAILED; + } +} + +METHOD(tls_application_t, build, status_t, + private_eap_peap_peer_t *this, tls_writer_t *writer) +{ + chunk_t data; + eap_code_t code; + eap_type_t type; + u_int32_t vendor; + + if (this->out) + { + code = this->out->get_code(this->out); + type = this->out->get_type(this->out, &vendor); + if (code == EAP_REQUEST || code == EAP_RESPONSE) + { + DBG1(DBG_IKE, "sending tunneled EAP-PEAP AVP [EAP/%N/%N]", + eap_code_short_names, code, eap_type_short_names, type); + } + else + { + DBG1(DBG_IKE, "sending tunneled EAP-PEAP AVP [EAP/%N]", + eap_code_short_names, code); + } + + /* get the raw EAP message data */ + data = this->out->get_data(this->out); + DBG3(DBG_IKE, "%B", &data); + this->avp->build(this->avp, writer, data); + + this->out->destroy(this->out); + this->out = NULL; + } + return INVALID_STATE; +} + +METHOD(tls_application_t, destroy, void, + private_eap_peap_peer_t *this) +{ + this->server->destroy(this->server); + this->peer->destroy(this->peer); + DESTROY_IF(this->ph2_method); + DESTROY_IF(this->out); + this->avp->destroy(this->avp); + free(this); +} + +/** + * See header + */ +eap_peap_peer_t *eap_peap_peer_create(identification_t *server, + identification_t *peer, + eap_method_t *eap_method) +{ + private_eap_peap_peer_t *this; + + INIT(this, + .public = { + .application = { + .process = _process, + .build = _build, + .destroy = _destroy, + }, + }, + .server = server->clone(server), + .peer = peer->clone(peer), + .ph1_method = eap_method, + .avp = eap_peap_avp_create(FALSE), + ); + + return &this->public; +} diff --git a/src/libcharon/plugins/eap_peap/eap_peap_peer.h b/src/libcharon/plugins/eap_peap/eap_peap_peer.h new file mode 100644 index 000000000..a87544209 --- /dev/null 
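Review bot: The `else` branch of `process` that handles codes other than Request/Response answers a tunneled EAP-Success or EAP-Failure with `this->out = eap_payload_create_code(code, in->get_identifier(in));` without consulting `ph2_method` or any record of how phase 2 ended. If the outer method treats that acknowledgement as completion (not visible in this file), a Success that arrives before any inner exchange is handled exactly like one that follows it. At minimum this deserves a comment on the branch, for example `/* Success/Failure is acknowledged without checking phase 2 state; the peer relies on the TLS server authentication here */`, so the assumption is explicit and reviewable. Separately, the log format string `"(id 0x%02X"` in the vendor-specific message lacks its closing parenthesis.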
+++ b/src/libcharon/plugins/eap_peap/eap_peap_peer.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_peap_peer eap_peap_peer + * @{ @ingroup eap_peap + */ + +#ifndef EAP_PEAP_PEER_H_ +#define EAP_PEAP_PEER_H_ + +typedef struct eap_peap_peer_t eap_peap_peer_t; + +#include "tls_application.h" + +#include <library.h> +#include <sa/authenticators/eap/eap_method.h> + +/** + * TLS application data handler as peer. + */ +struct eap_peap_peer_t { + + /** + * Implements the TLS application data handler. + */ + tls_application_t application; +}; + +/** + * Create an eap_peap_peer instance. + */ +eap_peap_peer_t *eap_peap_peer_create(identification_t *server, + identification_t *peer, + eap_method_t *eap_method); + +#endif /** EAP_PEAP_PEER_H_ @}*/ diff --git a/src/libcharon/plugins/eap_peap/eap_peap_plugin.c b/src/libcharon/plugins/eap_peap/eap_peap_plugin.c new file mode 100644 index 000000000..bac5f2d3e --- /dev/null +++ b/src/libcharon/plugins/eap_peap/eap_peap_plugin.c 
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "eap_peap_plugin.h"
+
+#include "eap_peap.h"
+
+#include <daemon.h>
+
+METHOD(plugin_t, get_name, char*,
+ eap_peap_plugin_t *this)
+{
+ return "eap-peap";
+}
+
+METHOD(plugin_t, destroy, void,
+ eap_peap_plugin_t *this)
+{
+ charon->eap->remove_method(charon->eap,
+ (eap_constructor_t)eap_peap_create_server);
+ charon->eap->remove_method(charon->eap,
+ (eap_constructor_t)eap_peap_create_peer);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *eap_peap_plugin_create()
+{
+ eap_peap_plugin_t *this;
+
+ INIT(this,
+ .plugin = {
+ .get_name = _get_name,
+ .reload = (void*)return_false,
+ .destroy = _destroy,
+ },
+ );
+
+ charon->eap->add_method(charon->eap, EAP_PEAP, 0, EAP_SERVER,
+ (eap_constructor_t)eap_peap_create_server);
+ charon->eap->add_method(charon->eap, EAP_PEAP, 0, EAP_PEER,
+ (eap_constructor_t)eap_peap_create_peer);
+
+ return &this->plugin;
+}
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_plugin.h b/src/libcharon/plugins/eap_peap/eap_peap_plugin.h
new file mode 100644
index 000000000..75bb504e1
--- /dev/null
+++ b/src/libcharon/plugins/eap_peap/eap_peap_plugin.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup eap_peap eap_peap
+ * @ingroup cplugins
+ *
+ * @defgroup eap_peap_plugin eap_peap_plugin
+ * @{ @ingroup eap_peap
+ */
+
+#ifndef EAP_PEAP_PLUGIN_H_
+#define EAP_PEAP_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct eap_peap_plugin_t eap_peap_plugin_t;
+
+/**
+ * EAP-PEAP plugin
+ */
+struct eap_peap_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+/**
+ * Create a eap_peap_plugin instance.
+ */
+plugin_t *eap_peap_plugin_create();
+
+#endif /** EAP_PEAP_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.c b/src/libcharon/plugins/eap_peap/eap_peap_server.c
new file mode 100644
index 000000000..3fabc3575
--- /dev/null
+++ b/src/libcharon/plugins/eap_peap/eap_peap_server.c
@@ -0,0 +1,432 @@ +/* + * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_peap_server.h" +#include "eap_peap_avp.h" + +#include <debug.h> +#include <daemon.h> + +typedef struct private_eap_peap_server_t private_eap_peap_server_t; + +/** + * Private data of an eap_peap_server_t object. + */ +struct private_eap_peap_server_t { + + /** + * Public eap_peap_server_t interface. 
+ */ + eap_peap_server_t public; + + /** + * Server identity + */ + identification_t *server; + + /** + * Peer identity + */ + identification_t *peer; + + /** + * Current EAP-PEAP phase2 state + */ + bool start_phase2; + + /** + * Current EAP-PEAP phase2 TNC state + */ + bool start_phase2_tnc; + + /** + * Starts phase 2 with EAP Identity request + */ + bool start_phase2_id; + + /** + * Final EAP-PEAP phase2 result + */ + eap_code_t phase2_result; + + /** + * Outer phase 1 EAP method + */ + eap_method_t *ph1_method; + + /** + * Current phase 2 EAP method + */ + eap_method_t *ph2_method; + + /** + * Pending outbound EAP message + */ + eap_payload_t *out; + + /** + * AVP handler + */ + eap_peap_avp_t *avp; +}; + +/** + * Start EAP client authentication protocol + */ +static status_t start_phase2_auth(private_eap_peap_server_t *this) +{ + char *eap_type_str; + eap_type_t type; + + eap_type_str = lib->settings->get_str(lib->settings, + "charon.plugins.eap-peap.phase2_method", "mschapv2"); + type = eap_type_from_string(eap_type_str); + if (type == 0) + { + DBG1(DBG_IKE, "unrecognized phase2 method \"%s\"", eap_type_str); + return FAILED; + } + DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, type); + this->ph2_method = charon->eap->create_instance(charon->eap, type, 0, + EAP_SERVER, this->server, this->peer); + if (this->ph2_method == NULL) + { + DBG1(DBG_IKE, "%N method not available", eap_type_names, type); + return FAILED; + } + + /* synchronize EAP message identifiers of inner protocol with outer */ + this->ph2_method->set_identifier(this->ph2_method, + this->ph1_method->get_identifier(this->ph1_method) + 1); + + if (this->ph2_method->initiate(this->ph2_method, &this->out) == NEED_MORE) + { + return NEED_MORE; + } + else + { + DBG1(DBG_IKE, "%N method failed", eap_type_names, type); + return FAILED; + } +} + +/** + * If configured, start EAP-TNC protocol + */ +static status_t start_phase2_tnc(private_eap_peap_server_t *this) +{ + if (this->start_phase2_tnc 
&& lib->settings->get_bool(lib->settings, + "charon.plugins.eap-peap.phase2_tnc", FALSE)) + { + DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, EAP_TNC); + this->ph2_method = charon->eap->create_instance(charon->eap, EAP_TNC, + 0, EAP_SERVER, this->server, this->peer); + if (this->ph2_method == NULL) + { + DBG1(DBG_IKE, "%N method not available", eap_type_names, EAP_TNC); + return FAILED; + } + this->start_phase2_tnc = FALSE; + + /* synchronize EAP message identifiers of inner protocol with outer */ + this->ph2_method->set_identifier(this->ph2_method, + this->ph1_method->get_identifier(this->ph1_method) + 1); + + if (this->ph2_method->initiate(this->ph2_method, &this->out) == NEED_MORE) + { + return NEED_MORE; + } + else + { + DBG1(DBG_IKE, "%N method failed", eap_type_names, EAP_TNC); + return FAILED; + } + } + return SUCCESS; +} + +METHOD(tls_application_t, process, status_t, + private_eap_peap_server_t *this, tls_reader_t *reader) +{ + chunk_t data = chunk_empty; + status_t status; + payload_t *payload; + eap_payload_t *in; + eap_code_t code; + eap_type_t type = EAP_NAK, received_type; + u_int32_t vendor, received_vendor; + + status = this->avp->process(this->avp, reader, &data, + this->ph1_method->get_identifier(this->ph1_method)); + switch (status) + { + case SUCCESS: + break; + case NEED_MORE: + return NEED_MORE; + case FAILED: + default: + return FAILED; + } + + in = eap_payload_create_data(data); + DBG3(DBG_IKE, "%B", &data); + chunk_free(&data); + payload = (payload_t*)in; + + if (payload->verify(payload) != SUCCESS) + { + in->destroy(in); + return FAILED; + } + + code = in->get_code(in); + if (code == EAP_REQUEST || code == EAP_RESPONSE) + { + received_type = in->get_type(in, &received_vendor); + DBG1(DBG_IKE, "received tunneled EAP-PEAP AVP [EAP/%N/%N]", + eap_code_short_names, code, + eap_type_short_names, received_type); + if (code != EAP_RESPONSE) + { + DBG1(DBG_IKE, "%N expected", eap_code_names, EAP_RESPONSE); + in->destroy(in); + return 
FAILED; + } + } + else + { + DBG1(DBG_IKE, "received tunneled EAP-PEAP AVP [EAP/%N]", + eap_code_short_names, code); + + /* if EAP_SUCCESS check if to continue phase2 with EAP-TNC */ + return (this->phase2_result == EAP_SUCCESS && code == EAP_SUCCESS) ? + start_phase2_tnc(this) : FAILED; + } + + if (this->ph2_method) + { + type = this->ph2_method->get_type(this->ph2_method, &vendor); + + if (type != received_type || vendor != received_vendor) + { + if (received_vendor == 0 && received_type == EAP_NAK) + { + DBG1(DBG_IKE, "peer does not support %N", eap_type_names, type); + } + else + { + DBG1(DBG_IKE, "received invalid EAP response"); + } + in->destroy(in); + return FAILED; + } + } + + if (!received_vendor && received_type == EAP_IDENTITY) + { + chunk_t eap_id; + + if (this->ph2_method == NULL) + { + /* Received an EAP Identity response without a matching request */ + this->ph2_method = charon->eap->create_instance(charon->eap, + EAP_IDENTITY, 0, EAP_SERVER, + this->server, this->peer); + if (this->ph2_method == NULL) + { + DBG1(DBG_IKE, "%N method not available", + eap_type_names, EAP_IDENTITY); + return FAILED; + } + } + + if (this->ph2_method->process(this->ph2_method, in, &this->out) != SUCCESS) + { + + DBG1(DBG_IKE, "%N method failed", eap_type_names, EAP_IDENTITY); + return FAILED; + } + + if (this->ph2_method->get_msk(this->ph2_method, &eap_id) == SUCCESS) + { + this->peer->destroy(this->peer); + this->peer = identification_create_from_data(eap_id); + DBG1(DBG_IKE, "received EAP identity '%Y'", this->peer); + } + + in->destroy(in); + this->ph2_method->destroy(this->ph2_method); + this->ph2_method = NULL; + + /* Start Phase 2 of EAP-PEAP authentication */ + if (lib->settings->get_bool(lib->settings, + "charon.plugins.eap-peap.request_peer_auth", FALSE)) + { + return start_phase2_tnc(this); + } + else + { + return start_phase2_auth(this); + } + } + + if (this->ph2_method == 0) + { + DBG1(DBG_IKE, "no %N phase2 method installed", eap_type_names, EAP_PEAP); + 
in->destroy(in); + return FAILED; + } + + status = this->ph2_method->process(this->ph2_method, in, &this->out); + in->destroy(in); + + switch (status) + { + case SUCCESS: + DBG1(DBG_IKE, "%N phase2 authentication of '%Y' with %N successful", + eap_type_names, EAP_PEAP, this->peer, + eap_type_names, type); + this->ph2_method->destroy(this->ph2_method); + this->ph2_method = NULL; + + /* EAP-PEAP requires the sending of an inner EAP_SUCCESS message */ + this->phase2_result = EAP_SUCCESS; + this->out = eap_payload_create_code(this->phase2_result, 1 + + this->ph1_method->get_identifier(this->ph1_method)); + return NEED_MORE; + case NEED_MORE: + break; + case FAILED: + default: + if (vendor) + { + DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed", + type, vendor); + } + else + { + DBG1(DBG_IKE, "%N method failed", eap_type_names, type); + } + /* EAP-PEAP requires the sending of an inner EAP_FAILURE message */ + this->phase2_result = EAP_FAILURE; + this->out = eap_payload_create_code(this->phase2_result, 1 + + this->ph1_method->get_identifier(this->ph1_method)); + return NEED_MORE; + } + return status; +} + +METHOD(tls_application_t, build, status_t, + private_eap_peap_server_t *this, tls_writer_t *writer) +{ + chunk_t data; + eap_code_t code; + eap_type_t type; + u_int32_t vendor; + + if (this->ph2_method == NULL && this->start_phase2 && this->start_phase2_id) + { + /* + * Start Phase 2 with an EAP Identity request either piggybacked right + * onto the TLS Finished payload or delayed after the reception of an + * empty EAP Acknowledge message. 
+ */ + this->ph2_method = charon->eap->create_instance(charon->eap, EAP_IDENTITY, + 0, EAP_SERVER, this->server, this->peer); + if (this->ph2_method == NULL) + { + DBG1(DBG_IKE, "%N method not available", + eap_type_names, EAP_IDENTITY); + return FAILED; + } + + /* synchronize EAP message identifiers of inner protocol with outer */ + this->ph2_method->set_identifier(this->ph2_method, + this->ph1_method->get_identifier(this->ph1_method)); + + this->ph2_method->initiate(this->ph2_method, &this->out); + this->start_phase2 = FALSE; + } + + this->start_phase2_id = TRUE; + + if (this->out) + { + code = this->out->get_code(this->out); + type = this->out->get_type(this->out, &vendor); + if (code == EAP_REQUEST || code == EAP_RESPONSE) + { + DBG1(DBG_IKE, "sending tunneled EAP-PEAP AVP [EAP/%N/%N]", + eap_code_short_names, code, eap_type_short_names, type); + } + else + { + DBG1(DBG_IKE, "sending tunneled EAP-PEAP AVP [EAP/%N]", + eap_code_short_names, code); + } + + /* get the raw EAP message data */ + data = this->out->get_data(this->out); + DBG3(DBG_IKE, "%B", &data); + this->avp->build(this->avp, writer, data); + + this->out->destroy(this->out); + this->out = NULL; + } + return INVALID_STATE; +} + +METHOD(tls_application_t, destroy, void, + private_eap_peap_server_t *this) +{ + this->server->destroy(this->server); + this->peer->destroy(this->peer); + DESTROY_IF(this->ph2_method); + DESTROY_IF(this->out); + this->avp->destroy(this->avp); + free(this); +} + +/** + * See header + */ +eap_peap_server_t *eap_peap_server_create(identification_t *server, + identification_t *peer, + eap_method_t *eap_method) +{ + private_eap_peap_server_t *this; + + INIT(this, + .public = { + .application = { + .process = _process, + .build = _build, + .destroy = _destroy, + }, + }, + .server = server->clone(server), + .peer = peer->clone(peer), + .ph1_method = eap_method, + .start_phase2 = TRUE, + .start_phase2_tnc = TRUE, + .start_phase2_id = lib->settings->get_bool(lib->settings, + 
"charon.plugins.eap-peap.phase2_piggyback", FALSE), + .phase2_result = EAP_FAILURE, + .avp = eap_peap_avp_create(TRUE), + ); + + return &this->public; +} diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.h b/src/libcharon/plugins/eap_peap/eap_peap_server.h new file mode 100644 index 000000000..93141d62b --- /dev/null +++ b/src/libcharon/plugins/eap_peap/eap_peap_server.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_peap_server eap_peap_server + * @{ @ingroup eap_peap + */ + +#ifndef EAP_PEAP_SERVER_H_ +#define EAP_PEAP_SERVER_H_ + +typedef struct eap_peap_server_t eap_peap_server_t; + +#include "tls_application.h" + +#include <library.h> +#include <sa/authenticators/eap/eap_method.h> + +/** + * TLS application data handler as server. + */ +struct eap_peap_server_t { + + /** + * Implements the TLS application data handler. + */ + tls_application_t application; +}; + +/** + * Create an eap_peap_server instance. + */ +eap_peap_server_t *eap_peap_server_create(identification_t *server, + identification_t *peer, + eap_method_t *eap_method); + +#endif /** EAP_PEAP_SERVER_H_ @}*/ diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in index 58a317769..740c64055 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.in 
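Review bot: Three return paths in the server's `process` leave `in` allocated: the `else` branch for tunneled Success/Failure codes (`return (this->phase2_result == EAP_SUCCESS && code == EAP_SUCCESS) ? start_phase2_tnc(this) : FAILED;`), and both `return FAILED;` statements inside the EAP-Identity block, one after `create_instance` returns NULL and one after `ph2_method->process` does not return SUCCESS. All three are reached while handling data received from the remote peer, so repeated failed attempts grow the daemon's memory. Add `in->destroy(in);` before each of these returns, as the other failure paths in this function and the matching branch in eap_peap_peer.c already do.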
+++ b/src/libcharon/plugins/eap_radius/Makefile.in @@ -224,13 +224,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -251,6 +245,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -269,14 +265,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c index 157034fe5..dfe0e2e09 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius.c +++ b/src/libcharon/plugins/eap_radius/eap_radius.c @@ -55,6 +55,11 @@ struct private_eap_radius_t { u_int32_t vendor; /** + * EAP message identifier + */ + u_int8_t identifier; + + /** * RADIUS client instance */ radius_client_t *client; @@ -107,7 +112,7 @@ static void add_eap_identity(private_eap_radius_t *this, hdr = alloca(len); hdr->code = EAP_RESPONSE; - hdr->identifier = 0; + hdr->identifier = this->identifier; hdr->length = htons(len); hdr->type = EAP_IDENTITY; memcpy(hdr->data, prefix.ptr, prefix.len); 
@@ -139,9 +144,12 @@ static bool radius2ike(private_eap_radius_t *this, if (message.len) { *out = payload = eap_payload_create_data(message); - free(message.ptr); + /* apply EAP method selected by RADIUS server */ this->type = payload->get_type(payload, &this->vendor); + + DBG3(DBG_IKE, "%N payload %B", eap_type_names, this->type, &message); + free(message.ptr); return TRUE; } return FALSE; @@ -284,6 +292,8 @@ METHOD(eap_method_t, process, status_t, request = radius_message_create_request(); request->add(request, RAT_USER_NAME, this->peer->get_encoding(this->peer)); data = in->get_data(in); + DBG3(DBG_IKE, "%N payload %B", eap_type_names, this->type, &data); + /* fragment data suitable for RADIUS (not more than 253 bytes) */ while (data.len > 253) { @@ -351,6 +361,18 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } +METHOD(eap_method_t, get_identifier, u_int8_t, + private_eap_radius_t *this) +{ + return this->identifier; +} + +METHOD(eap_method_t, set_identifier, void, + private_eap_radius_t *this, u_int8_t identifier) +{ + this->identifier = identifier; +} + METHOD(eap_method_t, is_mutual, bool, private_eap_radius_t *this) { @@ -388,6 +410,8 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer .get_type = _get_type, .is_mutual = _is_mutual, .get_msk = _get_msk, + .get_identifier = _get_identifier, + .set_identifier = _set_identifier, .destroy = _destroy, }, }, diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c index 1c24d77d5..c218bd48b 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c @@ -20,6 +20,7 @@ #include "radius_server.h" #include <daemon.h> +#include <threading/rwlock.h> /** * Default RADIUS server port, when not configured 
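Review bot: The `DBG3(DBG_IKE, "%N payload %B", eap_type_names, this->type, &data);` added in `process`, and the matching call added in `radius2ike`, write the complete EAP message to the log, so for inner methods that carry credentials or challenge responses in the payload that material ends up in log files. If the project reserves a higher level for sensitive dumps, `DBG4` would be the better fit; otherwise a comment such as `/* raw EAP payload, may contain credential material */` next to each call makes the exposure visible to whoever raises the log level. Both functions start outside their hunks.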
@@ -42,6 +43,11 @@ struct private_eap_radius_plugin_t { * List of RADIUS servers */ linked_list_t *servers; + + /** + * Lock for server list + */ + rwlock_t *lock; }; /** @@ -49,20 +55,10 @@ struct private_eap_radius_plugin_t { */ static private_eap_radius_plugin_t *instance = NULL; -METHOD(plugin_t, destroy, void, - private_eap_radius_plugin_t *this) -{ - charon->eap->remove_method(charon->eap, (eap_constructor_t)eap_radius_create); - this->servers->destroy_offset(this->servers, - offsetof(radius_server_t, destroy)); - free(this); - instance = NULL; -} - /** * Load RADIUS servers from configuration */ -static bool load_servers(private_eap_radius_plugin_t *this) +static void load_servers(private_eap_radius_plugin_t *this) { enumerator_t *enumerator; radius_server_t *server; @@ -78,7 +74,7 @@ static bool load_servers(private_eap_radius_plugin_t *this) if (!secret) { DBG1(DBG_CFG, "no RADUIS secret defined"); - return FALSE; + return; } nas_identifier = lib->settings->get_str(lib->settings, "charon.plugins.eap-radius.nas_identifier", "strongSwan"); @@ -86,15 +82,15 @@ static bool load_servers(private_eap_radius_plugin_t *this) "charon.plugins.eap-radius.port", RADIUS_PORT); sockets = lib->settings->get_int(lib->settings, "charon.plugins.eap-radius.sockets", 1); - server = radius_server_create(address, port, nas_identifier, + server = radius_server_create(address, address, port, nas_identifier, secret, sockets, 0); if (!server) { DBG1(DBG_CFG, "no RADUIS server defined"); - return FALSE; + return; } this->servers->insert_last(this->servers, server); - return TRUE; + return; } enumerator = lib->settings->create_section_enumerator(lib->settings, 
@@ -124,7 +120,7 @@ static bool load_servers(private_eap_radius_plugin_t *this) "charon.plugins.eap-radius.servers.%s.sockets", 1, section); preference = lib->settings->get_int(lib->settings, "charon.plugins.eap-radius.servers.%s.preference", 0, section); - server = radius_server_create(address, port, nas_identifier, + server = radius_server_create(section, address, port, nas_identifier, secret, sockets, preference); if (!server) { @@ -135,14 +131,40 @@ static bool load_servers(private_eap_radius_plugin_t *this) } enumerator->destroy(enumerator); - if (this->servers->get_count(this->servers) == 0) - { - DBG1(DBG_CFG, "no valid RADIUS server configuration found"); - return FALSE; - } + DBG1(DBG_CFG, "loaded %d RADIUS server configuration%s", + this->servers->get_count(this->servers), + this->servers->get_count(this->servers) == 1 ? "" : "s"); +} + +METHOD(plugin_t, get_name, char*, + private_eap_radius_plugin_t *this) +{ + return "eap-radius"; +} + +METHOD(plugin_t, reload, bool, + private_eap_radius_plugin_t *this) +{ + this->lock->write_lock(this->lock); + this->servers->destroy_offset(this->servers, + offsetof(radius_server_t, destroy)); + this->servers = linked_list_create(); + load_servers(this); + this->lock->unlock(this->lock); return TRUE; } +METHOD(plugin_t, destroy, void, + private_eap_radius_plugin_t *this) +{ + charon->eap->remove_method(charon->eap, (eap_constructor_t)eap_radius_create); + this->servers->destroy_offset(this->servers, + offsetof(radius_server_t, destroy)); + this->lock->destroy(this->lock); + free(this); + instance = NULL; +} + /* * see header file */ 
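Review bot: `reload` destroys the current server list before it knows whether the new configuration yields any server, and `load_servers` now just returns after logging `no RADUIS secret defined`, so a reload against a broken configuration leaves an empty list while `reload` still returns TRUE. The removed `no valid RADIUS server configuration found` check was the only place that treated this as an error. Make the empty case explicit after the call in `reload`, e.g. `if (this->servers->get_count(this->servers) == 0) DBG1(DBG_CFG, "reload left no usable RADIUS server");`, or load into a fresh list and swap it in under the write lock only once loading has finished. `load_servers` starts outside this hunk.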
@@ -153,17 +175,17 @@ plugin_t *eap_radius_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = _reload, .destroy = _destroy, }, }, .servers = linked_list_create(), + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), ); - if (!load_servers(this)) - { - destroy(this); - return NULL; - } + load_servers(this); + charon->eap->add_method(charon->eap, EAP_RADIUS, 0, EAP_SERVER, (eap_constructor_t)eap_radius_create); @@ -179,7 +201,10 @@ enumerator_t *eap_radius_create_server_enumerator() { if (instance) { - return instance->servers->create_enumerator(instance->servers); + instance->lock->read_lock(instance->lock); + return enumerator_create_cleaner( + instance->servers->create_enumerator(instance->servers), + (void*)instance->lock->unlock, instance->lock); } return enumerator_create_empty(); } diff --git a/src/libcharon/plugins/eap_radius/radius_client.c b/src/libcharon/plugins/eap_radius/radius_client.c index 232b9135e..245308e59 100644 --- a/src/libcharon/plugins/eap_radius/radius_client.c +++ b/src/libcharon/plugins/eap_radius/radius_client.c @@ -98,13 +98,14 @@ METHOD(radius_client_t, request, radius_message_t*, req->add(req, RAT_STATE, this->state); } socket = this->server->get_socket(this->server); - DBG1(DBG_CFG, "sending RADIUS %N to %#H", radius_message_code_names, - req->get_code(req), this->server->get_address(this->server)); + DBG1(DBG_CFG, "sending RADIUS %N to server '%s'", radius_message_code_names, + req->get_code(req), this->server->get_name(this->server)); res = socket->request(socket, req); if (res) { - DBG1(DBG_CFG, "received RADIUS %N from %#H", radius_message_code_names, - res->get_code(res), this->server->get_address(this->server)); + DBG1(DBG_CFG, "received RADIUS %N from server '%s'", + radius_message_code_names, res->get_code(res), + this->server->get_name(this->server)); save_state(this, res); if (res->get_code(res) == RMC_ACCESS_ACCEPT) { 
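Review bot: The enumerator returned by `eap_radius_create_server_enumerator()` now keeps the server-list read lock held until the caller destroys it, and nothing in the hunk documents that contract. A caller that keeps it open across a blocking operation stalls `reload`, and a reload triggered on the same thread before the enumerator is destroyed would presumably block forever in `write_lock`. I would add a comment above the function, for example `/* the returned enumerator holds the server list read lock until it is destroyed */`, and repeat it in the header. Note also that `instance` is still tested without any lock, so the lock protects the list contents but not plugin teardown.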
@@ -128,6 +129,7 @@ METHOD(radius_client_t, get_msk, chunk_t, METHOD(radius_client_t, destroy, void, private_radius_client_t *this) { + this->server->destroy(this->server); chunk_clear(&this->msk); free(this->state.ptr); free(this); @@ -159,15 +161,16 @@ radius_client_t *radius_client_create() /* for two with equal preference, 50-50 chance */ (current == best && random() % 2 == 0)) { - DBG2(DBG_CFG, "RADIUS server %H is candidate: %d", - server->get_address(server), current); + DBG2(DBG_CFG, "RADIUS server '%s' is candidate: %d", + server->get_name(server), current); best = current; - this->server = server; + DESTROY_IF(this->server); + this->server = server->get_ref(server); } else { - DBG2(DBG_CFG, "RADIUS server %H skipped: %d", - server->get_address(server), current); + DBG2(DBG_CFG, "RADIUS server '%s' skipped: %d", + server->get_name(server), current); } } enumerator->destroy(enumerator); diff --git a/src/libcharon/plugins/eap_radius/radius_server.c b/src/libcharon/plugins/eap_radius/radius_server.c index f54b8b2cd..3baf39807 100644 --- a/src/libcharon/plugins/eap_radius/radius_server.c +++ b/src/libcharon/plugins/eap_radius/radius_server.c @@ -32,11 +32,6 @@ struct private_radius_server_t { radius_server_t public; /** - * RADIUS server address - */ - host_t *host; - - /** * list of radius sockets, as radius_socket_t */ linked_list_t *sockets; @@ -57,9 +52,9 @@ struct private_radius_server_t { condvar_t *condvar; /** - * RADIUS secret + * Server name */ - chunk_t secret; + char *name; /** * NAS-Identifier @@ -80,6 +75,11 @@ struct private_radius_server_t { * Retry counter for unreachable servers */ int retry; + + /** + * reference count + */ + refcount_t ref; }; METHOD(radius_server_t, get_socket, radius_socket_t*, 
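Review bot: `destroy` dereferences `this->server` unconditionally in the added line, while `radius_client_create` in the next hunk treats the same field as possibly NULL with `DESTROY_IF(this->server)`. Because the plugin now registers itself even when `load_servers` finds no server, a client with no selected server looks reachable at run time, and any path that then calls `destroy` would dereference NULL. The tail of `radius_client_create` is outside the hunk, so this may already be guarded there. Using `DESTROY_IF(this->server);` in `destroy` as well costs nothing and matches the constructor.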
@@ -147,27 +147,37 @@ METHOD(radius_server_t, get_preference, int, return pref; } -METHOD(radius_server_t, get_address, host_t*, +METHOD(radius_server_t, get_name, char*, + private_radius_server_t *this) +{ + return this->name; +} + +METHOD(radius_server_t, get_ref, radius_server_t*, private_radius_server_t *this) { - return this->host; + ref_get(&this->ref); + return &this->public; } + METHOD(radius_server_t, destroy, void, private_radius_server_t *this) { - DESTROY_IF(this->host); - this->mutex->destroy(this->mutex); - this->condvar->destroy(this->condvar); - this->sockets->destroy_offset(this->sockets, - offsetof(radius_socket_t, destroy)); - free(this); + if (ref_put(&this->ref)) + { + this->mutex->destroy(this->mutex); + this->condvar->destroy(this->condvar); + this->sockets->destroy_offset(this->sockets, + offsetof(radius_socket_t, destroy)); + free(this); + } } /** * See header */ -radius_server_t *radius_server_create(char *server, u_int16_t port, +radius_server_t *radius_server_create(char *name, char *address, u_int16_t port, char *nas_identifier, char *secret, int sockets, int preference) { private_radius_server_t *this; @@ -179,7 +189,8 @@ radius_server_t *radius_server_create(char *server, u_int16_t port, .put_socket = _put_socket, .get_nas_identifier = _get_nas_identifier, .get_preference = _get_preference, - .get_address = _get_address, + .get_name = _get_name, + .get_ref = _get_ref, .destroy = _destroy, }, .reachable = TRUE, 
@@ -188,18 +199,14 @@ radius_server_t *radius_server_create(char *server, u_int16_t port, .sockets = linked_list_create(), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), - .host = host_create_from_dns(server, 0, port), + .name = name, .preference = preference, + .ref = 1, ); - if (!this->host) - { - destroy(this); - return NULL; - } while (sockets--) { - socket = radius_socket_create(this->host, + socket = radius_socket_create(address, port, chunk_create(secret, strlen(secret))); if (!socket) { diff --git a/src/libcharon/plugins/eap_radius/radius_server.h b/src/libcharon/plugins/eap_radius/radius_server.h index ba4c94619..c59361c49 100644 --- a/src/libcharon/plugins/eap_radius/radius_server.h +++ b/src/libcharon/plugins/eap_radius/radius_server.h @@ -61,11 +61,18 @@ struct radius_server_t { int (*get_preference)(radius_server_t *this); /** - * Get the address of the RADIUS server. + * Get the name of the RADIUS server. * - * @return address, internal data + * @return server name */ - host_t* (*get_address)(radius_server_t *this); + char* (*get_name)(radius_server_t *this); + + /** + * Increase reference count of this server. + * + * @return this + */ + radius_server_t* (*get_ref)(radius_server_t *this); /** * Destroy a radius_server_t. @@ -76,14 +83,15 @@ struct radius_server_t { /** * Create a radius_server instance. * - * @param server server address + * @param name server name + * @param address server address * @param port server port * @param nas_identifier NAS-Identifier to use with this server * @param secret secret to use with this server * @param sockets number of sockets to create in pool * @param preference preference boost for this server */ -radius_server_t *radius_server_create(char *server, u_int16_t port, +radius_server_t *radius_server_create(char *name, char *address, u_int16_t port, char *nas_identifier, char *secret, int sockets, int preference); #endif /** RADIUS_SERVER_H_ @}*/ 
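Review bot: `.name = name` stores the caller's pointer without copying it, and `radius_socket_create` does the same with `.address = address` in radius_socket.c. Both strings are now used long after creation: `get_name` feeds the log calls, and `check_connection` passes `this->address` to `host_create_from_dns()` on the first request. They come from `lib->settings->get_str()` and the section enumerator in `load_servers`, and a server is now reference-counted, so it can outlive the plugin's list across a `reload`. Unless the settings backend guarantees those strings stay valid for the lifetime of the server object, this is a use-after-free; `.name = strdup(name),` with a matching `free(this->name);` in `destroy` (and the same for `address` in the socket) makes ownership explicit. The body of `radius_server_create` continues past the end of the hunk.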
diff --git a/src/libcharon/plugins/eap_radius/radius_socket.c b/src/libcharon/plugins/eap_radius/radius_socket.c index f46c27ede..b3229c288 100644 --- a/src/libcharon/plugins/eap_radius/radius_socket.c +++ b/src/libcharon/plugins/eap_radius/radius_socket.c @@ -49,6 +49,16 @@ struct private_radius_socket_t { int fd; /** + * Server address + */ + char *address; + + /** + * Server port + */ + u_int16_t port; + + /** * current RADIUS identifier */ u_int8_t identifier; @@ -74,6 +84,45 @@ struct private_radius_socket_t { chunk_t secret; }; +/** + * Check or establish RADIUS connection + */ +static bool check_connection(private_radius_socket_t *this) +{ + if (this->fd == -1) + { + host_t *server; + + server = host_create_from_dns(this->address, AF_UNSPEC, this->port); + if (!server) + { + DBG1(DBG_CFG, "resolving RADIUS server address '%s' failed", + this->address); + return FALSE; + } + this->fd = socket(server->get_family(server), SOCK_DGRAM, IPPROTO_UDP); + if (this->fd == -1) + { + DBG1(DBG_CFG, "opening RADIUS socket for %#H failed: %s", + server, strerror(errno)); + server->destroy(server); + return FALSE; + } + if (connect(this->fd, server->get_sockaddr(server), + *server->get_sockaddr_len(server)) < 0) + { + DBG1(DBG_CFG, "connecting RADIUS socket to %#H failed: %s", + server, strerror(errno)); + server->destroy(server); + close(this->fd); + this->fd = -1; + return FALSE; + } + server->destroy(server); + } + return TRUE; +} + METHOD(radius_socket_t, request, radius_message_t*, private_radius_socket_t *this, radius_message_t *request) { @@ -85,6 +134,11 @@ METHOD(radius_socket_t, request, radius_message_t*, /* sign the request */ request->sign(request, this->rng, this->signer); + if (!check_connection(this)) + { + return NULL; + } + data = request->get_encoding(request); /* timeout after 2, 3, 4, 5 seconds */ for (i = 2; i <= 5; i++) 
@@ -257,14 +311,18 @@ METHOD(radius_socket_t, destroy, void, DESTROY_IF(this->hasher); DESTROY_IF(this->signer); DESTROY_IF(this->rng); - close(this->fd); + if (this->fd != -1) + { + close(this->fd); + } free(this); } /** * See header */ -radius_socket_t *radius_socket_create(host_t *host, chunk_t secret) +radius_socket_t *radius_socket_create(char *address, u_int16_t port, + chunk_t secret) { private_radius_socket_t *this; @@ -274,23 +332,11 @@ radius_socket_t *radius_socket_create(host_t *host, chunk_t secret) .decrypt_msk = _decrypt_msk, .destroy = _destroy, }, + .address = address, + .port = port, + .fd = -1, ); - this->fd = socket(host->get_family(host), SOCK_DGRAM, IPPROTO_UDP); - if (this->fd < 0) - { - DBG1(DBG_CFG, "opening RADIUS socket failed: %s", strerror(errno)); - free(this); - return NULL; - } - if (connect(this->fd, host->get_sockaddr(host), - *host->get_sockaddr_len(host)) < 0) - { - DBG1(DBG_CFG, "connecting RADIUS socket failed"); - close(this->fd); - free(this); - return NULL; - } this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); this->signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128); this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); diff --git a/src/libcharon/plugins/eap_radius/radius_socket.h b/src/libcharon/plugins/eap_radius/radius_socket.h index fe8491a8f..2875008eb 100644 --- a/src/libcharon/plugins/eap_radius/radius_socket.h +++ b/src/libcharon/plugins/eap_radius/radius_socket.h @@ -34,7 +34,7 @@ struct radius_socket_t { /** * Send a RADIUS request, wait for response. - + * * The socket fills in RADIUS Message identifier, builds a * Request-Authenticator and calculates the Message-Authenticator * attribute. 
@@ -66,9 +66,11 @@ struct radius_socket_t { /** * Create a radius_socket instance. * - * @param host RADIUS server address to connect to + * @param address server name + * @param port server port * @param secret RADIUS secret */ -radius_socket_t *radius_socket_create(host_t *host, chunk_t secret); +radius_socket_t *radius_socket_create(char *address, u_int16_t port, + chunk_t secret); #endif /** RADIUS_SOCKET_H_ @}*/ diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in index 4d219b861..b9ab6656b 100644 --- a/src/libcharon/plugins/eap_sim/Makefile.in +++ b/src/libcharon/plugins/eap_sim/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/eap_sim/eap_sim_peer.c b/src/libcharon/plugins/eap_sim/eap_sim_peer.c index a3506f4ba..083bf73a3 100644 --- a/src/libcharon/plugins/eap_sim/eap_sim_peer.c +++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.c 
@@ -56,6 +56,11 @@ struct private_eap_sim_peer_t { identification_t *reauth; /** + * EAP message identifier + */ + u_int8_t identifier; + + /** * EAP-SIM crypto helper */ simaka_crypto_t *crypto; @@ -98,7 +103,7 @@ static chunk_t version = chunk_from_chars(0x00,0x01); * Create a SIM_CLIENT_ERROR */ static eap_payload_t* create_client_error(private_eap_sim_peer_t *this, - u_int8_t identifier, simaka_client_error_t code) + simaka_client_error_t code) { simaka_message_t *message; eap_payload_t *out; @@ -106,7 +111,7 @@ static eap_payload_t* create_client_error(private_eap_sim_peer_t *this, DBG1(DBG_IKE, "sending client error '%N'", simaka_client_error_names, code); - message = simaka_message_create(FALSE, identifier, EAP_SIM, + message = simaka_message_create(FALSE, this->identifier, EAP_SIM, SIM_CLIENT_ERROR, this->crypto); encoded = htons(code); message->add_attribute(message, AT_CLIENT_ERROR_CODE, @@ -164,8 +169,7 @@ static status_t process_start(private_eap_sim_peer_t *this, default: if (!simaka_attribute_skippable(type)) { - *out = create_client_error(this, in->get_identifier(in), - SIM_UNABLE_TO_PROCESS); + *out = create_client_error(this, SIM_UNABLE_TO_PROCESS); enumerator->destroy(enumerator); return NEED_MORE; } @@ -177,8 +181,7 @@ static status_t process_start(private_eap_sim_peer_t *this, if (!supported) { DBG1(DBG_IKE, "server does not support EAP-SIM version number 1"); - *out = create_client_error(this, in->get_identifier(in), - SIM_UNSUPPORTED_VERSION); + *out = create_client_error(this, SIM_UNSUPPORTED_VERSION); return NEED_MORE; } @@ -214,7 +217,7 @@ static status_t process_start(private_eap_sim_peer_t *this, free(this->nonce.ptr); rng->allocate_bytes(rng, NONCE_LEN, &this->nonce); - message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM, + message = simaka_message_create(FALSE, this->identifier, EAP_SIM, SIM_START, this->crypto); if (!this->reauth) { 
@@ -261,8 +264,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this, default: if (!simaka_attribute_skippable(type)) { - *out = create_client_error(this, in->get_identifier(in), - SIM_UNABLE_TO_PROCESS); + *out = create_client_error(this, SIM_UNABLE_TO_PROCESS); enumerator->destroy(enumerator); return NEED_MORE; } @@ -277,8 +279,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this, memeq(rands.ptr, rands.ptr + SIM_RAND_LEN, SIM_RAND_LEN)) { DBG1(DBG_IKE, "no valid AT_RAND received"); - *out = create_client_error(this, in->get_identifier(in), - SIM_INSUFFICIENT_CHALLENGES); + *out = create_client_error(this, SIM_INSUFFICIENT_CHALLENGES); return NEED_MORE; } /* get two or three KCs/SRESes from SIM using RANDs */ @@ -290,8 +291,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this, rands.ptr, sres.ptr, kc.ptr)) { DBG1(DBG_IKE, "unable to get EAP-SIM triplet"); - *out = create_client_error(this, in->get_identifier(in), - SIM_UNABLE_TO_PROCESS); + *out = create_client_error(this, SIM_UNABLE_TO_PROCESS); return NEED_MORE; } DBG3(DBG_IKE, "got triplet for RAND %b\n Kc %b\n SRES %b", @@ -316,8 +316,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this, * parse() again after key derivation, reading encrypted attributes */ if (!in->verify(in, this->nonce) || !in->parse(in)) { - *out = create_client_error(this, in->get_identifier(in), - SIM_UNABLE_TO_PROCESS); + *out = create_client_error(this, SIM_UNABLE_TO_PROCESS); return NEED_MORE; } @@ -345,7 +344,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this, enumerator->destroy(enumerator); /* build response with AT_MAC, built over "EAP packet | n*SRES" */ - message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM, + message = simaka_message_create(FALSE, this->identifier, EAP_SIM, SIM_CHALLENGE, this->crypto); *out = message->generate(message, sreses); message->destroy(message); 
@@ -379,8 +378,7 @@ static status_t process_reauthentication(private_eap_sim_peer_t *this, { DBG1(DBG_IKE, "received %N, but not expected", simaka_subtype_names, SIM_REAUTHENTICATION); - *out = create_client_error(this, in->get_identifier(in), - SIM_UNABLE_TO_PROCESS); + *out = create_client_error(this, SIM_UNABLE_TO_PROCESS); return NEED_MORE; } @@ -390,8 +388,7 @@ static status_t process_reauthentication(private_eap_sim_peer_t *this, /* verify MAC and parse again with decryption key */ if (!in->verify(in, chunk_empty) || !in->parse(in)) { - *out = create_client_error(this, in->get_identifier(in), - SIM_UNABLE_TO_PROCESS); + *out = create_client_error(this, SIM_UNABLE_TO_PROCESS); return NEED_MORE; } @@ -412,8 +409,7 @@ static status_t process_reauthentication(private_eap_sim_peer_t *this, default: if (!simaka_attribute_skippable(type)) { - *out = create_client_error(this, in->get_identifier(in), - SIM_UNABLE_TO_PROCESS); + *out = create_client_error(this, SIM_UNABLE_TO_PROCESS); enumerator->destroy(enumerator); return NEED_MORE; } @@ -425,12 +421,11 @@ static status_t process_reauthentication(private_eap_sim_peer_t *this, if (!nonce.len || !counter.len) { DBG1(DBG_IKE, "EAP-SIM/Request/Re-Authentication message incomplete"); - *out = create_client_error(this, in->get_identifier(in), - SIM_UNABLE_TO_PROCESS); + *out = create_client_error(this, SIM_UNABLE_TO_PROCESS); return NEED_MORE; } - message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM, + message = simaka_message_create(FALSE, this->identifier, EAP_SIM, SIM_REAUTHENTICATION, this->crypto); if (counter_too_small(this, counter)) { 
@@ -503,40 +498,37 @@ static status_t process_notification(private_eap_sim_peer_t *this, if (success) { /* empty notification reply */ - message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM, + message = simaka_message_create(FALSE, this->identifier, EAP_SIM, SIM_NOTIFICATION, this->crypto); *out = message->generate(message, chunk_empty); message->destroy(message); } else { - *out = create_client_error(this, in->get_identifier(in), - SIM_UNABLE_TO_PROCESS); + *out = create_client_error(this, SIM_UNABLE_TO_PROCESS); } return NEED_MORE; } -/** - * Implementation of eap_method_t.process - */ -static status_t process(private_eap_sim_peer_t *this, - eap_payload_t *in, eap_payload_t **out) +METHOD(eap_method_t, process, status_t, + private_eap_sim_peer_t *this, eap_payload_t *in, eap_payload_t **out) { simaka_message_t *message; status_t status; + /* store received EAP message identifier */ + this->identifier = in->get_identifier(in); + message = simaka_message_create_from_payload(in, this->crypto); if (!message) { - *out = create_client_error(this, in->get_identifier(in), - SIM_UNABLE_TO_PROCESS); + *out = create_client_error(this, SIM_UNABLE_TO_PROCESS); return NEED_MORE; } if (!message->parse(message)) { message->destroy(message); - *out = create_client_error(this, in->get_identifier(in), - SIM_UNABLE_TO_PROCESS); + *out = create_client_error(this, SIM_UNABLE_TO_PROCESS); return NEED_MORE; } switch (message->get_subtype(message)) @@ -556,8 +548,7 @@ static status_t process(private_eap_sim_peer_t *this, default: DBG1(DBG_IKE, "unable to process EAP-SIM subtype %N", simaka_subtype_names, message->get_subtype(message)); - *out = create_client_error(this, in->get_identifier(in), - SIM_UNABLE_TO_PROCESS); + *out = create_client_error(this, SIM_UNABLE_TO_PROCESS); status = NEED_MORE; break; } 
@@ -565,28 +556,22 @@ static status_t process(private_eap_sim_peer_t *this, return status; } -/** - * Implementation of eap_method_t.initiate - */ -static status_t initiate(private_eap_sim_peer_t *this, eap_payload_t **out) +METHOD(eap_method_t, initiate, status_t, + private_eap_sim_peer_t *this, eap_payload_t **out) { /* peer never initiates */ return FAILED; } -/** - * Implementation of eap_method_t.get_type. - */ -static eap_type_t get_type(private_eap_sim_peer_t *this, u_int32_t *vendor) +METHOD(eap_method_t, get_type, eap_type_t, + private_eap_sim_peer_t *this, u_int32_t *vendor) { *vendor = 0; return EAP_SIM; } -/** - * Implementation of eap_method_t.get_msk. - */ -static status_t get_msk(private_eap_sim_peer_t *this, chunk_t *msk) +METHOD(eap_method_t, get_msk, status_t, + private_eap_sim_peer_t *this, chunk_t *msk) { if (this->msk.ptr) { @@ -596,18 +581,26 @@ static status_t get_msk(private_eap_sim_peer_t *this, chunk_t *msk) return FAILED; } -/** - * Implementation of eap_method_t.is_mutual. - */ -static bool is_mutual(private_eap_sim_peer_t *this) +METHOD(eap_method_t, get_identifier, u_int8_t, + private_eap_sim_peer_t *this) +{ + return this->identifier; +} + +METHOD(eap_method_t, set_identifier, void, + private_eap_sim_peer_t *this, u_int8_t identifier) +{ + this->identifier = identifier; +} + +METHOD(eap_method_t, is_mutual, bool, + private_eap_sim_peer_t *this) { return TRUE; } -/** - * Implementation of eap_method_t.destroy. - */ -static void destroy(private_eap_sim_peer_t *this) +METHOD(eap_method_t, destroy, void, + private_eap_sim_peer_t *this) { this->permanent->destroy(this->permanent); DESTROY_IF(this->pseudonym); 
@@ -625,28 +618,32 @@ static void destroy(private_eap_sim_peer_t *this) eap_sim_peer_t *eap_sim_peer_create(identification_t *server, identification_t *peer) { - private_eap_sim_peer_t *this = malloc_thing(private_eap_sim_peer_t); - - this->public.interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate; - this->public.interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process; - this->public.interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; - this->public.interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; - this->public.interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; - this->public.interface.destroy = (void(*)(eap_method_t*))destroy; + private_eap_sim_peer_t *this; + + INIT(this, + .public = { + .interface = { + .initiate = _initiate, + .process = _process, + .get_type = _get_type, + .is_mutual = _is_mutual, + .get_msk = _get_msk, + .get_identifier = _get_identifier, + .set_identifier = _set_identifier, + .destroy = _destroy, + }, + }, + .crypto = simaka_crypto_create(), + ); - this->crypto = simaka_crypto_create(); if (!this->crypto) { free(this); return NULL; } + this->permanent = peer->clone(peer); - this->pseudonym = NULL; - this->reauth = NULL; this->tries = MAX_TRIES; - this->version_list = chunk_empty; - this->nonce = chunk_empty; - this->msk = chunk_empty; return &this->public; } diff --git a/src/libcharon/plugins/eap_sim/eap_sim_plugin.c b/src/libcharon/plugins/eap_sim/eap_sim_plugin.c index f0c972253..b15292544 100644 --- a/src/libcharon/plugins/eap_sim/eap_sim_plugin.c +++ b/src/libcharon/plugins/eap_sim/eap_sim_plugin.c 
@@ -20,10 +20,14 @@ #include <daemon.h> -/** - * Implementation of plugin_t.destroy - */ -static void destroy(eap_sim_plugin_t *this) +METHOD(plugin_t, get_name, char*, + eap_sim_plugin_t *this) +{ + return "eap-sim"; +} + +METHOD(plugin_t, destroy, void, + eap_sim_plugin_t *this) { charon->eap->remove_method(charon->eap, (eap_constructor_t)eap_sim_server_create); @@ -37,9 +41,15 @@ static void destroy(eap_sim_plugin_t *this) */ plugin_t *eap_sim_plugin_create() { - eap_sim_plugin_t *this = malloc_thing(eap_sim_plugin_t); - - this->plugin.destroy = (void(*)(plugin_t*))destroy; + eap_sim_plugin_t *this; + + INIT(this, + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + ); charon->eap->add_method(charon->eap, EAP_SIM, 0, EAP_SERVER, (eap_constructor_t)eap_sim_server_create); diff --git a/src/libcharon/plugins/eap_sim/eap_sim_server.c b/src/libcharon/plugins/eap_sim/eap_sim_server.c index f6d5df09b..d1dfde5d6 100644 --- a/src/libcharon/plugins/eap_sim/eap_sim_server.c +++ b/src/libcharon/plugins/eap_sim/eap_sim_server.c @@ -107,10 +107,8 @@ struct private_eap_sim_server_t { /* version of SIM protocol we speak */ static chunk_t version = chunk_from_chars(0x00,0x01); -/** - * Implementation of eap_method_t.initiate - */ -static status_t initiate(private_eap_sim_server_t *this, eap_payload_t **out) +METHOD(eap_method_t, initiate, status_t, + private_eap_sim_server_t *this, eap_payload_t **out) { simaka_message_t *message; @@ -479,11 +477,8 @@ static status_t process_client_error(private_eap_sim_server_t *this, return FAILED; } -/** - * Implementation of eap_method_t.process - */ -static status_t process(private_eap_sim_server_t *this, - eap_payload_t *in, eap_payload_t **out) +METHOD(eap_method_t, process, status_t, + private_eap_sim_server_t *this, eap_payload_t *in, eap_payload_t **out) { simaka_message_t *message; status_t status; 
@@ -522,19 +517,15 @@ static status_t process(private_eap_sim_server_t *this, return status; } -/** - * Implementation of eap_method_t.get_type. - */ -static eap_type_t get_type(private_eap_sim_server_t *this, u_int32_t *vendor) +METHOD(eap_method_t, get_type, eap_type_t, + private_eap_sim_server_t *this, u_int32_t *vendor) { *vendor = 0; return EAP_SIM; } -/** - * Implementation of eap_method_t.get_msk. - */ -static status_t get_msk(private_eap_sim_server_t *this, chunk_t *msk) +METHOD(eap_method_t, get_msk, status_t, + private_eap_sim_server_t *this, chunk_t *msk) { if (this->msk.ptr) { @@ -544,18 +535,26 @@ static status_t get_msk(private_eap_sim_server_t *this, chunk_t *msk) return FAILED; } -/** - * Implementation of eap_method_t.is_mutual. - */ -static bool is_mutual(private_eap_sim_server_t *this) +METHOD(eap_method_t, get_identifier, u_int8_t, + private_eap_sim_server_t *this) +{ + return this->identifier; +} + +METHOD(eap_method_t, set_identifier, void, + private_eap_sim_server_t *this, u_int8_t identifier) +{ + this->identifier = identifier; +} + +METHOD(eap_method_t, is_mutual, bool, + private_eap_sim_server_t *this) { return TRUE; } -/** - * Implementation of eap_method_t.destroy. - */ -static void destroy(private_eap_sim_server_t *this) +METHOD(eap_method_t, destroy, void, + private_eap_sim_server_t *this) { this->crypto->destroy(this->crypto); this->permanent->destroy(this->permanent); 
@@ -574,29 +573,31 @@ static void destroy(private_eap_sim_server_t *this) eap_sim_server_t *eap_sim_server_create(identification_t *server, identification_t *peer) { - private_eap_sim_server_t *this = malloc_thing(private_eap_sim_server_t); + private_eap_sim_server_t *this; + + INIT(this, + .public = { + .interface = { + .initiate = _initiate, + .process = _process, + .get_type = _get_type, + .is_mutual = _is_mutual, + .get_msk = _get_msk, + .get_identifier = _get_identifier, + .set_identifier = _set_identifier, + .destroy = _destroy, + }, + }, + .crypto = simaka_crypto_create(), + ); - this->public.interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate; - this->public.interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process; - this->public.interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; - this->public.interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; - this->public.interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; - this->public.interface.destroy = (void(*)(eap_method_t*))destroy; - - this->crypto = simaka_crypto_create(); if (!this->crypto) { free(this); return NULL; } + this->permanent = peer->clone(peer); - this->pseudonym = NULL; - this->reauth = NULL; - this->sreses = chunk_empty; - this->nonce = chunk_empty; - this->msk = chunk_empty; - this->counter = chunk_empty; - this->pending = 0; this->use_reauth = this->use_pseudonym = this->use_permanent = lib->settings->get_bool(lib->settings, "charon.plugins.eap-sim.request_identity", TRUE); diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in index fb72884d4..5662a1c53 100644 --- a/src/libcharon/plugins/eap_sim_file/Makefile.in +++ b/src/libcharon/plugins/eap_sim_file/Makefile.in 
@@ -224,13 +224,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -251,6 +245,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -269,14 +265,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c index d132a38f6..5397c418e 100644 --- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c +++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c @@ -35,11 +35,9 @@ struct private_eap_sim_file_card_t { eap_sim_file_triplets_t *triplets; }; -/** - * Implementation of sim_card_t.get_triplet - */ -static bool get_triplet(private_eap_sim_file_card_t *this, - identification_t *id, char *rand, char *sres, char *kc) +METHOD(sim_card_t, get_triplet, bool, + private_eap_sim_file_card_t *this, identification_t *id, + char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]) { enumerator_t *enumerator; identification_t *cand; 
@@ -68,18 +66,16 @@ static bool get_triplet(private_eap_sim_file_card_t *this, return FALSE; } -/** - * Implementation of sim_card_t.get_quintuplet - */ -static status_t get_quintuplet() +METHOD(sim_card_t, get_quintuplet, status_t, + private_eap_sim_file_card_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], + char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len) { return NOT_SUPPORTED; } -/** - * Implementation of eap_sim_file_card_t.destroy. - */ -static void destroy(private_eap_sim_file_card_t *this) +METHOD(eap_sim_file_card_t, destroy, void, + private_eap_sim_file_card_t *this) { free(this); } 
@@ -89,18 +85,23 @@ static void destroy(private_eap_sim_file_card_t *this) */ eap_sim_file_card_t *eap_sim_file_card_create(eap_sim_file_triplets_t *triplets) { - private_eap_sim_file_card_t *this = malloc_thing(private_eap_sim_file_card_t); - - this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))get_triplet; - this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len))get_quintuplet; - this->public.card.resync = (bool(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false; - this->public.card.get_pseudonym = (identification_t*(*)(sim_card_t*, identification_t *perm))return_null; - this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *id, identification_t *pseudonym))nop; - this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null; - this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *id, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop; - this->public.destroy = (void(*)(eap_sim_file_card_t*))destroy; - - this->triplets = triplets; + private_eap_sim_file_card_t *this; + + INIT(this, + .public = { + .card = { + .get_triplet = _get_triplet, + .get_quintuplet = _get_quintuplet, + .resync = (void*)return_false, + .get_pseudonym = (void*)return_null, + .set_pseudonym = (void*)nop, + .get_reauth = (void*)return_null, + .set_reauth = (void*)nop, + }, + .destroy = _destroy, + }, + .triplets = triplets, + ); return &this->public; } diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c index 4f25c35ea..0ab5a1848 100644 
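Review bot: The `(void*)return_false`, `(void*)return_null` and `(void*)nop` initialisers in `eap_sim_file_card_create` replace explicit function-pointer casts that at least spelled out each slot's signature next to the stub assigned to it. Going through `void*` converts a function pointer to an object pointer and back, which ISO C leaves undefined (it is a widely supported extension), and the compiler will now accept any function in these slots whatever its return type. The same pattern appears in `eap_sim_file_plugin_create` (`.reload`) and in `eap_sim_file_provider_create` (`.get_quintuplet` through `.gen_reauth`). At minimum I would add a comment above the stub entries, e.g. `/* generic stubs: arguments ignored; return type must match the slot (bool -> return_false, pointer -> return_null, void -> nop) */`, so a later interface change gets checked by hand.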
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c +++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c @@ -50,10 +50,14 @@ struct private_eap_sim_file_t { eap_sim_file_triplets_t *triplets; }; -/** - * Implementation of eap_sim_file_t.destroy. - */ -static void destroy(private_eap_sim_file_t *this) +METHOD(plugin_t, get_name, char*, + private_eap_sim_file_t *this) +{ + return "eap-sim-file"; +} + +METHOD(plugin_t, destroy, void, + private_eap_sim_file_t *this) { charon->sim->remove_card(charon->sim, &this->card->card); charon->sim->remove_provider(charon->sim, &this->provider->provider); @@ -68,11 +72,19 @@ static void destroy(private_eap_sim_file_t *this) */ plugin_t *eap_sim_file_plugin_create() { - private_eap_sim_file_t *this = malloc_thing(private_eap_sim_file_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + private_eap_sim_file_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + .triplets = eap_sim_file_triplets_create(TRIPLET_FILE), + ); - this->triplets = eap_sim_file_triplets_create(TRIPLET_FILE); this->provider = eap_sim_file_provider_create(this->triplets); if (!this->provider) { diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c index 9bee31fc3..38b651404 100644 --- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c +++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c 
@@ -35,11 +35,9 @@ struct private_eap_sim_file_provider_t { eap_sim_file_triplets_t *triplets; }; -/** - * Implementation of sim_provider_t.get_triplet - */ -static bool get_triplet(private_eap_sim_file_provider_t *this, - identification_t *id, char *rand, char *sres, char *kc) +METHOD(sim_provider_t, get_triplet, bool, + private_eap_sim_file_provider_t *this, identification_t *id, + char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]) { enumerator_t *enumerator; identification_t *cand; @@ -61,10 +59,8 @@ static bool get_triplet(private_eap_sim_file_provider_t *this, return FALSE; } -/** - * Implementation of eap_sim_file_provider_t.destroy. - */ -static void destroy(private_eap_sim_file_provider_t *this) +METHOD(eap_sim_file_provider_t, destroy, void, + private_eap_sim_file_provider_t *this) { free(this); } 
@@ -75,18 +71,23 @@ static void destroy(private_eap_sim_file_provider_t *this) eap_sim_file_provider_t *eap_sim_file_provider_create( eap_sim_file_triplets_t *triplets) { - private_eap_sim_file_provider_t *this = malloc_thing(private_eap_sim_file_provider_t); - - this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))get_triplet; - this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))return_false; - this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false; - this->public.provider.is_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null; - this->public.provider.gen_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null; - this->public.provider.is_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_null; - this->public.provider.gen_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))return_null; - this->public.destroy = (void(*)(eap_sim_file_provider_t*))destroy; + private_eap_sim_file_provider_t *this; - this->triplets = triplets; + INIT(this, + .public = { + .provider = { + .get_triplet = _get_triplet, + .get_quintuplet = (void*)return_false, + .resync = (void*)return_false, + .is_pseudonym = (void*)return_null, + .gen_pseudonym = (void*)return_null, + .is_reauth = (void*)return_null, + .gen_reauth = (void*)return_null, + }, + .destroy = _destroy, + }, + .triplets = triplets, + ); return &this->public; } 
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c index 6b7d99fb7..c693923fe 100644 --- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c +++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c @@ -117,10 +117,8 @@ static bool enumerator_enumerate(triplet_enumerator_t *e, identification_t **ims return FALSE; } -/** - * Implementation of eap_sim_file_triplets_t.create_enumerator - */ -static enumerator_t* create_enumerator(private_eap_sim_file_triplets_t *this) +METHOD(eap_sim_file_triplets_t, create_enumerator, enumerator_t*, + private_eap_sim_file_triplets_t *this) { triplet_enumerator_t *enumerator = malloc_thing(triplet_enumerator_t); @@ -230,10 +228,8 @@ static void read_triplets(private_eap_sim_file_triplets_t *this, char *path) this->triplets->get_count(this->triplets), path); } -/** - * Implementation of eap_sim_file_triplets_t.destroy. - */ -static void destroy(private_eap_sim_file_triplets_t *this) +METHOD(eap_sim_file_triplets_t, destroy, void, + private_eap_sim_file_triplets_t *this) { this->triplets->destroy_function(this->triplets, (void*)triplet_destroy); this->mutex->destroy(this->mutex); 
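Review bot: `create_enumerator` still allocates with `malloc_thing(triplet_enumerator_t)` on the last context line of the first hunk, while the constructors touched by this commit move to `INIT(...)` with designated initialisers. With `malloc_thing`, any member the rest of the body does not assign stays uninitialised; the body continues outside the hunk, so whether every member is set cannot be confirmed from here. For consistency I would convert it the same way: declare `triplet_enumerator_t *enumerator;` and follow it with an `INIT(enumerator, ...)` that names each member, which presumably also leaves unnamed members zeroed.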
@@ -245,14 +241,16 @@ static void destroy(private_eap_sim_file_triplets_t *this) */ eap_sim_file_triplets_t *eap_sim_file_triplets_create(char *file) { - private_eap_sim_file_triplets_t *this = malloc_thing(private_eap_sim_file_triplets_t); - - this->public.create_enumerator = (enumerator_t*(*)(eap_sim_file_triplets_t*))create_enumerator; - this->public.destroy = (void(*)(eap_sim_file_triplets_t*))destroy; - - this->triplets = linked_list_create(); - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); + private_eap_sim_file_triplets_t *this; + INIT(this, + .public = { + .create_enumerator = _create_enumerator, + .destroy = _destroy, + }, + .triplets = linked_list_create(), + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + ); read_triplets(this, file); return &this->public; diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.am b/src/libcharon/plugins/eap_sim_pcsc/Makefile.am new file mode 100644 index 000000000..2d75fe3ad --- /dev/null +++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.am @@ -0,0 +1,18 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic ${pcsclite_CFLAGS} + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-eap-sim-pcsc.la +else +plugin_LTLIBRARIES = libstrongswan-eap-sim-pcsc.la +endif + +libstrongswan_eap_sim_pcsc_la_SOURCES = \ + eap_sim_pcsc_plugin.h eap_sim_pcsc_plugin.c \ + eap_sim_pcsc_card.h eap_sim_pcsc_card.c + +libstrongswan_eap_sim_pcsc_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_sim_pcsc_la_LIBADD = ${pcsclite_LIBS} diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in new file mode 100644 index 000000000..a8249a7ac --- /dev/null +++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in 
@@ -0,0 +1,611 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/eap_sim_pcsc +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = 
srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +am__DEPENDENCIES_1 = +libstrongswan_eap_sim_pcsc_la_DEPENDENCIES = $(am__DEPENDENCIES_1) +am_libstrongswan_eap_sim_pcsc_la_OBJECTS = eap_sim_pcsc_plugin.lo \ + eap_sim_pcsc_card.lo +libstrongswan_eap_sim_pcsc_la_OBJECTS = \ + $(am_libstrongswan_eap_sim_pcsc_la_OBJECTS) +libstrongswan_eap_sim_pcsc_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_eap_sim_pcsc_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_eap_sim_pcsc_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_eap_sim_pcsc_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) 
$(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_eap_sim_pcsc_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eap_sim_pcsc_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ 
+PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pki_plugins = @pki_plugins@ +plugindir 
= @plugindir@ +pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic ${pcsclite_CFLAGS} +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-sim-pcsc.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-sim-pcsc.la +libstrongswan_eap_sim_pcsc_la_SOURCES = \ + eap_sim_pcsc_plugin.h eap_sim_pcsc_plugin.c \ + eap_sim_pcsc_card.h eap_sim_pcsc_card.c + +libstrongswan_eap_sim_pcsc_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_sim_pcsc_la_LIBADD = ${pcsclite_LIBS} +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_pcsc/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_pcsc/Makefile +.PRECIOUS: Makefile +Makefile: 
$(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) 
--mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-eap-sim-pcsc.la: $(libstrongswan_eap_sim_pcsc_la_OBJECTS) $(libstrongswan_eap_sim_pcsc_la_DEPENDENCIES) + $(libstrongswan_eap_sim_pcsc_la_LINK) $(am_libstrongswan_eap_sim_pcsc_la_rpath) $(libstrongswan_eap_sim_pcsc_la_OBJECTS) $(libstrongswan_eap_sim_pcsc_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_sim_pcsc_card.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_sim_pcsc_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ 
DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + 
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . 
= "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic 
mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c b/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c new file mode 100644 index 000000000..d0a2718f3 --- /dev/null +++ b/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c 
@@ -0,0 +1,392 @@ +/* + * Copyright (C) 2011 Duncan Salerno + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_sim_pcsc_card.h" + +#include <PCSC/wintypes.h> +#include <PCSC/winscard.h> +#include <daemon.h> + +typedef struct private_eap_sim_pcsc_card_t private_eap_sim_pcsc_card_t; + +/** + * Private data of an eap_sim_pcsc_card_t object. + */ +struct private_eap_sim_pcsc_card_t { + + /** + * Public eap_sim_pcsc_card_t interface. + */ + eap_sim_pcsc_card_t public; +}; + +/** + * Maximum length for an IMSI. + */ +#define SIM_IMSI_MAX_LEN 15 + +/** + * Length of the status at the end of response APDUs. + */ +#define APDU_STATUS_LEN 2 + +/** + * First byte of status word indicating success. + */ +#define APDU_SW1_SUCCESS 0x90 + +/** + * First byte of status word indicating there is response data to be read. 
+ */ +#define APDU_SW1_RESPONSE_DATA 0x9f + +/** + * Decode IMSI EF (Elementary File) into an ASCII string + */ +static bool decode_imsi_ef(unsigned char *input, int input_len, char *output) +{ + /* Only digits 0-9 valid in IMSIs */ + static const char bcd_num_digits[] = { + '0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', '\0', '\0', '\0', '\0', '\0', '\0' + }; + int i; + + /* Check length byte matches how many bytes we have, and that input + * is correct length for an IMSI */ + if (input[0] != input_len-1 || input_len < 2 || input_len > 9) + { + return FALSE; + } + + /* Check type byte is IMSI (bottom 3 bits == 001) */ + if ((input[1] & 0x07) != 0x01) + { + return FALSE; + } + *output++ = bcd_num_digits[input[1] >> 4]; + + for (i = 2; i < input_len; i++) + { + *output++ = bcd_num_digits[input[i] & 0xf]; + *output++ = bcd_num_digits[input[i] >> 4]; + } + + *output++ = '\0'; + return TRUE; +} + +METHOD(sim_card_t, get_triplet, bool, + private_eap_sim_pcsc_card_t *this, identification_t *id, + char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]) +{ + status_t found = FALSE; + LONG rv; + SCARDCONTEXT hContext; + DWORD dwReaders; + LPSTR mszReaders; + char *cur_reader; + char full_nai[128]; + SCARDHANDLE hCard; + enum { DISCONNECTED, CONNECTED, TRANSACTION } hCard_status = DISCONNECTED; + + snprintf(full_nai, sizeof(full_nai), "%Y", id); + + DBG2(DBG_IKE, "looking for triplet: %Y rand %b", id, rand, SIM_RAND_LEN); + + rv = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, &hContext); + if (rv != SCARD_S_SUCCESS) + { + DBG1(DBG_IKE, "SCardEstablishContext: %s", pcsc_stringify_error(rv)); + return FALSE; + } + + rv = SCardListReaders(hContext, NULL, NULL, &dwReaders); + if (rv != SCARD_S_SUCCESS) + { + DBG1(DBG_IKE, "SCardListReaders: %s", pcsc_stringify_error(rv)); + return FALSE; + } + mszReaders = malloc(sizeof(char)*dwReaders); + + rv = SCardListReaders(hContext, NULL, mszReaders, &dwReaders); + if (rv != SCARD_S_SUCCESS) + { + DBG1(DBG_IKE, 
"SCardListReaders: %s", pcsc_stringify_error(rv)); + return FALSE; + } + + /* mszReaders is a multi-string of readers, separated by '\0' and + * terminated by an additional '\0' */ + for (cur_reader = mszReaders; *cur_reader != '\0' && found == FALSE; + cur_reader += strlen(cur_reader) + 1) + { + DWORD dwActiveProtocol = -1; + SCARD_IO_REQUEST *pioSendPci; + SCARD_IO_REQUEST pioRecvPci; + BYTE pbRecvBuffer[64]; + DWORD dwRecvLength; + char imsi[SIM_IMSI_MAX_LEN + 1]; + + /* See GSM 11.11 for SIM APDUs */ + static const BYTE pbSelectMF[] = { 0xa0, 0xa4, 0x00, 0x00, 0x02, 0x3f, 0x00 }; + static const BYTE pbSelectDFGSM[] = { 0xa0, 0xa4, 0x00, 0x00, 0x02, 0x7f, 0x20 }; + static const BYTE pbSelectIMSI[] = { 0xa0, 0xa4, 0x00, 0x00, 0x02, 0x6f, 0x07 }; + static const BYTE pbReadBinary[] = { 0xa0, 0xb0, 0x00, 0x00, 0x09 }; + BYTE pbRunGSMAlgorithm[5 + SIM_RAND_LEN] = { 0xa0, 0x88, 0x00, 0x00, 0x10 }; + static const BYTE pbGetResponse[] = { 0xa0, 0xc0, 0x00, 0x00, 0x0c }; + + /* If on 2nd or later reader, make sure we end the transaction + * and disconnect card in the previous reader */ + switch (hCard_status) + { + case TRANSACTION: + SCardEndTransaction(hCard, SCARD_LEAVE_CARD); + /* FALLTHRU */ + case CONNECTED: + SCardDisconnect(hCard, SCARD_LEAVE_CARD); + /* FALLTHRU */ + case DISCONNECTED: + hCard_status = DISCONNECTED; + } + + /* Copy RAND into APDU */ + memcpy(pbRunGSMAlgorithm + 5, rand, SIM_RAND_LEN); + + rv = SCardConnect(hContext, cur_reader, SCARD_SHARE_SHARED, + SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &hCard, &dwActiveProtocol); + if (rv != SCARD_S_SUCCESS) + { + DBG1(DBG_IKE, "SCardConnect: %s", pcsc_stringify_error(rv)); + continue; + } + hCard_status = CONNECTED; + + switch(dwActiveProtocol) + { + case SCARD_PROTOCOL_T0: + pioSendPci = SCARD_PCI_T0; + break; + case SCARD_PROTOCOL_T1: + pioSendPci = SCARD_PCI_T1; + break; + default: + DBG1(DBG_IKE, "Unknown SCARD_PROTOCOL"); + continue; + } + + /* Start transaction */ + rv = SCardBeginTransaction(hCard); + 
if (rv != SCARD_S_SUCCESS) + { + DBG1(DBG_IKE, "SCardBeginTransaction: %s", pcsc_stringify_error(rv)); + continue; + } + hCard_status = TRANSACTION; + + /* APDU: Select MF */ + dwRecvLength = sizeof(pbRecvBuffer); + rv = SCardTransmit(hCard, pioSendPci, pbSelectMF, sizeof(pbSelectMF), + &pioRecvPci, pbRecvBuffer, &dwRecvLength); + if (rv != SCARD_S_SUCCESS) + { + DBG1(DBG_IKE, "SCardTransmit: %s", pcsc_stringify_error(rv)); + continue; + } + if (dwRecvLength < APDU_STATUS_LEN || + pbRecvBuffer[dwRecvLength-APDU_STATUS_LEN] != APDU_SW1_RESPONSE_DATA) + { + DBG1(DBG_IKE, "Select MF failed: %b", pbRecvBuffer, dwRecvLength); + continue; + } + + /* APDU: Select DF GSM */ + dwRecvLength = sizeof(pbRecvBuffer); + rv = SCardTransmit(hCard, pioSendPci, pbSelectDFGSM, sizeof(pbSelectDFGSM), + &pioRecvPci, pbRecvBuffer, &dwRecvLength); + if (rv != SCARD_S_SUCCESS) + { + DBG1(DBG_IKE, "SCardTransmit: %s", pcsc_stringify_error(rv)); + continue; + } + if (dwRecvLength < APDU_STATUS_LEN || + pbRecvBuffer[dwRecvLength-APDU_STATUS_LEN] != APDU_SW1_RESPONSE_DATA) + { + DBG1(DBG_IKE, "Select DF GSM failed: %b", pbRecvBuffer, dwRecvLength); + continue; + } + + /* APDU: Select IMSI */ + dwRecvLength = sizeof(pbRecvBuffer); + rv = SCardTransmit(hCard, pioSendPci, pbSelectIMSI, sizeof(pbSelectIMSI), + &pioRecvPci, pbRecvBuffer, &dwRecvLength); + if (rv != SCARD_S_SUCCESS) + { + DBG1(DBG_IKE, "SCardTransmit: %s", pcsc_stringify_error(rv)); + continue; + } + if (dwRecvLength < APDU_STATUS_LEN || + pbRecvBuffer[dwRecvLength-APDU_STATUS_LEN] != APDU_SW1_RESPONSE_DATA) + { + DBG1(DBG_IKE, "Select IMSI failed: %b", pbRecvBuffer, dwRecvLength); + continue; + } + + /* APDU: Read Binary (of IMSI) */ + dwRecvLength = sizeof(pbRecvBuffer); + rv = SCardTransmit(hCard, pioSendPci, pbReadBinary, sizeof(pbReadBinary), + &pioRecvPci, pbRecvBuffer, &dwRecvLength); + if (rv != SCARD_S_SUCCESS) + { + DBG1(DBG_IKE, "SCardTransmit: %s", pcsc_stringify_error(rv)); + continue; + } + if (dwRecvLength < 
APDU_STATUS_LEN || + pbRecvBuffer[dwRecvLength-APDU_STATUS_LEN] != APDU_SW1_SUCCESS) + { + DBG1(DBG_IKE, "Select IMSI failed: %b", pbRecvBuffer, dwRecvLength); + continue; + } + + if (!decode_imsi_ef(pbRecvBuffer, dwRecvLength-APDU_STATUS_LEN, imsi)) + { + DBG1(DBG_IKE, "Couldn't decode IMSI EF: %b", + pbRecvBuffer, dwRecvLength); + continue; + } + + /* The IMSI could be post/prefixed in the full NAI, so just make sure + * it's in there */ + if (!(strlen(full_nai) && strstr(full_nai, imsi))) + { + DBG1(DBG_IKE, "Not the SIM we're looking for, IMSI: %s", imsi); + continue; + } + + /* APDU: Run GSM Algorithm */ + dwRecvLength = sizeof(pbRecvBuffer); + rv = SCardTransmit(hCard, pioSendPci, + pbRunGSMAlgorithm, sizeof(pbRunGSMAlgorithm), + &pioRecvPci, pbRecvBuffer, &dwRecvLength); + if (rv != SCARD_S_SUCCESS) + { + DBG1(DBG_IKE, "SCardTransmit: %s", pcsc_stringify_error(rv)); + continue; + } + if (dwRecvLength < APDU_STATUS_LEN || + pbRecvBuffer[dwRecvLength-APDU_STATUS_LEN] != APDU_SW1_RESPONSE_DATA) + { + DBG1(DBG_IKE, "Run GSM Algorithm failed: %b", + pbRecvBuffer, dwRecvLength); + continue; + } + + /* APDU: Get Response (of Run GSM Algorithm) */ + dwRecvLength = sizeof(pbRecvBuffer); + rv = SCardTransmit(hCard, pioSendPci, pbGetResponse, sizeof(pbGetResponse), + &pioRecvPci, pbRecvBuffer, &dwRecvLength); + if (rv != SCARD_S_SUCCESS) + { + DBG1(DBG_IKE, "SCardTransmit: %s", pcsc_stringify_error(rv)); + continue; + } + + if (dwRecvLength < APDU_STATUS_LEN || + pbRecvBuffer[dwRecvLength-APDU_STATUS_LEN] != APDU_SW1_SUCCESS) + { + DBG1(DBG_IKE, "Get Response failed: %b", pbRecvBuffer, dwRecvLength); + continue; + } + + /* Extract out Kc and SRES from response */ + if (dwRecvLength == SIM_SRES_LEN + SIM_KC_LEN + APDU_STATUS_LEN) + { + memcpy(sres, pbRecvBuffer, SIM_SRES_LEN); + memcpy(kc, pbRecvBuffer+4, SIM_KC_LEN); + /* This will also cause the loop to exit */ + found = TRUE; + } + else + { + DBG1(DBG_IKE, "Get Response incorrect length: %b", + pbRecvBuffer, 
dwRecvLength); + continue; + } + + /* Transaction will be ended and card disconnected at the + * beginning of this loop or after this loop */ + } + + /* Make sure we end any previous transaction and disconnect card */ + switch (hCard_status) + { + case TRANSACTION: + SCardEndTransaction(hCard, SCARD_LEAVE_CARD); + /* FALLTHRU */ + case CONNECTED: + SCardDisconnect(hCard, SCARD_LEAVE_CARD); + /* FALLTHRU */ + case DISCONNECTED: + hCard_status = DISCONNECTED; + } + + rv = SCardReleaseContext(hContext); + if (rv != SCARD_S_SUCCESS) + { + DBG1(DBG_IKE, "SCardReleaseContext: %s", pcsc_stringify_error(rv)); + } + + free(mszReaders); + return found; +} + +METHOD(sim_card_t, get_quintuplet, status_t, + private_eap_sim_pcsc_card_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], + char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len) +{ + return NOT_SUPPORTED; +} + +METHOD(eap_sim_pcsc_card_t, destroy, void, + private_eap_sim_pcsc_card_t *this) +{ + free(this); +} + +/** + * See header + */ +eap_sim_pcsc_card_t *eap_sim_pcsc_card_create() +{ + private_eap_sim_pcsc_card_t *this; + + INIT(this, + .public = { + .card = { + .get_triplet = _get_triplet, + .get_quintuplet = _get_quintuplet, + .resync = (void*)return_false, + .get_pseudonym = (void*)return_null, + .set_pseudonym = (void*)nop, + .get_reauth = (void*)return_null, + .set_reauth = (void*)nop, + }, + .destroy = _destroy, + }, + ); + + return &this->public; +} + diff --git a/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.h b/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.h new file mode 100644 index 000000000..e7659656b --- /dev/null +++ b/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.h 
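Review bot: The `Get Response incorrect length` branch at the end of get_triplet dumps pbRecvBuffer with `%b` at DBG1 after the status word has already been accepted, so the buffer presumably holds the RUN GSM ALGORITHM output (SRES and Kc) and that material ends up in the log. I would log only the length there, `DBG1(DBG_IKE, "Get Response incorrect length: %d", (int)dwRecvLength);`, and clear pbRecvBuffer once sres and kc have been copied out. Separately, both `return FALSE` paths after SCardListReaders skip SCardReleaseContext(hContext), the second also skips free(mszReaders), and the malloc result is used unchecked; routing these through the cleanup at the bottom of the function would cover all three. The IMSI comparison also accepts an empty decoded string, because decode_imsi_ef writes '\0' for nibbles above 9 and `strstr(full_nai, imsi)` succeeds for `""`; testing `*imsi` in that condition closes the gap.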
@@ -0,0 +1,48 @@ +/* + * Copyright (C) 2011 Duncan Salerno + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_sim_pcsc_card eap_sim_pcsc_card + * @{ @ingroup eap_sim_pcsc + */ + +#ifndef EAP_SIM_PCSC_CARD_H_ +#define EAP_SIM_PCSC_CARD_H_ + +#include <sa/authenticators/eap/sim_manager.h> + +typedef struct eap_sim_pcsc_card_t eap_sim_pcsc_card_t; + +/** + * SIM card implementation using a PCSC reader. + */ +struct eap_sim_pcsc_card_t { + + /** + * Implements sim_card_t interface + */ + sim_card_t card; + + /** + * Destroy a eap_sim_pcsc_card_t. + */ + void (*destroy)(eap_sim_pcsc_card_t *this); +}; + +/** + * Create a eap_sim_pcsc_card instance. + */ +eap_sim_pcsc_card_t *eap_sim_pcsc_card_create(); + +#endif /** EAP_SIM_PCSC_CARD_H_ @}*/ diff --git a/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_plugin.c b/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_plugin.c new file mode 100644 index 000000000..44096455e --- /dev/null +++ b/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_plugin.c 
@@ -0,0 +1,73 @@ +/* + * Copyright (C) 2011 Duncan Salerno + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_sim_pcsc_plugin.h" +#include "eap_sim_pcsc_card.h" + +#include <daemon.h> + +typedef struct private_eap_sim_pcsc_plugin_t private_eap_sim_pcsc_plugin_t; + +/** + * Private data of an eap_sim_pcsc_t object. + */ +struct private_eap_sim_pcsc_plugin_t { + + /** + * Public eap_sim_pcsc_plugin_t interface. + */ + eap_sim_pcsc_plugin_t public; + + /** + * SIM card + */ + eap_sim_pcsc_card_t *card; +}; + +METHOD(plugin_t, get_name, char*, + private_eap_sim_pcsc_plugin_t *this) +{ + return "eap-sim-pcsc"; +} + +METHOD(plugin_t, destroy, void, + private_eap_sim_pcsc_plugin_t *this) +{ + charon->sim->remove_card(charon->sim, &this->card->card); + this->card->destroy(this->card); + free(this); +} + +/** + * See header + */ +plugin_t *eap_sim_pcsc_plugin_create() +{ + private_eap_sim_pcsc_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + .card = eap_sim_pcsc_card_create(), + ); + charon->sim->add_card(charon->sim, &this->card->card); + + return &this->public.plugin; +} + diff --git a/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_plugin.h b/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_plugin.h new file mode 100644 index 000000000..a03ca1f9c --- /dev/null +++ b/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_plugin.h 
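Review bot: The `See header` comment above eap_sim_pcsc_plugin_create() points at a declaration that eap_sim_pcsc_plugin.h, as added in this commit, does not contain; the header only defines struct eap_sim_pcsc_plugin_t. Either add the documented prototype to the header or replace the comment with a short description here, for example `/** Create the eap-sim-pcsc plugin and register its SIM card with charon->sim. */`. The struct comment `Private data of an eap_sim_pcsc_t object` also names a type that does not appear in the file and should read `eap_sim_pcsc_plugin_t`.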
@@ -0,0 +1,41 @@ +/* + * Copyright (C) 2011 Duncan Salerno + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_sim_pcsc eap_sim_pcsc + * @ingroup cplugins + * + * @defgroup eap_sim_pcsc_plugin eap_sim_pcsc_plugin + * @{ @ingroup eap_sim_pcsc + */ + +#ifndef EAP_SIM_PCSC_PLUGIN_H_ +#define EAP_SIM_PCSC_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct eap_sim_pcsc_plugin_t eap_sim_pcsc_plugin_t; + +/** + * Plugin to provide a SIM card from a PCSC reader. + */ +struct eap_sim_pcsc_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** EAP_SIM_PCSC_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in index f7fc71bdf..98e80bc71 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in @@ -225,13 +225,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -252,6 +246,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -270,14 +266,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c index 81b9d7b00..06631b1c5 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c +++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c @@ -42,10 +42,14 @@ struct private_eap_simaka_pseudonym_t { eap_simaka_pseudonym_provider_t *provider; }; -/** - * Implementation of eap_simaka_pseudonym_t.destroy. - */ -static void destroy(private_eap_simaka_pseudonym_t *this) +METHOD(plugin_t, get_name, char*, + private_eap_simaka_pseudonym_t *this) +{ + return "eap-simaka-pseudonym"; +} + +METHOD(plugin_t, destroy, void, + private_eap_simaka_pseudonym_t *this) { charon->sim->remove_card(charon->sim, &this->card->card); charon->sim->remove_provider(charon->sim, &this->provider->provider); 
@@ -61,11 +65,17 @@ plugin_t *eap_simaka_pseudonym_plugin_create() { private_eap_simaka_pseudonym_t *this; - this = malloc_thing(private_eap_simaka_pseudonym_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + .provider = eap_simaka_pseudonym_provider_create(), + ); - this->provider = eap_simaka_pseudonym_provider_create(); if (!this->provider) { free(this); diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in index f26ec64df..56bc188b0 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in @@ -224,13 +224,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -251,6 +245,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -269,14 +265,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ 
diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c index 987a0e109..343e4eefb 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c +++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c @@ -42,10 +42,14 @@ struct private_eap_simaka_reauth_t { eap_simaka_reauth_provider_t *provider; }; -/** - * Implementation of eap_simaka_reauth_t.destroy. - */ -static void destroy(private_eap_simaka_reauth_t *this) +METHOD(plugin_t, get_name, char*, + private_eap_simaka_reauth_t *this) +{ + return "eap-simaka-reauth"; +} + +METHOD(plugin_t, destroy, void, + private_eap_simaka_reauth_t *this) { charon->sim->remove_card(charon->sim, &this->card->card); charon->sim->remove_provider(charon->sim, &this->provider->provider); @@ -59,11 +63,19 @@ static void destroy(private_eap_simaka_reauth_t *this) */ plugin_t *eap_simaka_reauth_plugin_create() { - private_eap_simaka_reauth_t *this = malloc_thing(private_eap_simaka_reauth_t); + private_eap_simaka_reauth_t *this; - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + .provider = eap_simaka_reauth_provider_create(), + ); - this->provider = eap_simaka_reauth_provider_create(); if (!this->provider) { free(this); diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in index b37d2714a..93c7aed03 100644 --- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in 
@@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c b/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c index 1cc5352d8..5a528153d 100644 --- a/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c +++ b/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c @@ -47,6 +47,12 @@ struct private_eap_simaka_sql_t { database_t *db; }; +METHOD(plugin_t, get_name, char*, + private_eap_simaka_sql_t *this) +{ + return "eap-simaka-sql"; +} + METHOD(plugin_t, destroy, void, private_eap_simaka_sql_t *this) { @@ -87,6 +93,8 @@ plugin_t *eap_simaka_sql_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in index 7334c6ce9..c58bced06 100644 --- a/src/libcharon/plugins/eap_tls/Makefile.in 
+++ b/src/libcharon/plugins/eap_tls/Makefile.in @@ -222,13 +222,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -249,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,14 +263,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c index efe72c437..39e1a60d9 100644 --- a/src/libcharon/plugins/eap_tls/eap_tls.c +++ b/src/libcharon/plugins/eap_tls/eap_tls.c @@ -91,6 +91,18 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } +METHOD(eap_method_t, get_identifier, u_int8_t, + private_eap_tls_t *this) +{ + return this->tls_eap->get_identifier(this->tls_eap); +} + +METHOD(eap_method_t, set_identifier, void, + private_eap_tls_t *this, u_int8_t identifier) +{ + this->tls_eap->set_identifier(this->tls_eap, identifier); +} + METHOD(eap_method_t, is_mutual, bool, private_eap_tls_t *this) { @@ -113,6 +125,7 @@ static eap_tls_t *eap_tls_create(identification_t *server, private_eap_tls_t *this; size_t frag_size; int max_msg_count; + bool include_length; tls_t *tls; INIT(this, 
@@ -123,6 +136,8 @@ static eap_tls_t *eap_tls_create(identification_t *server, .get_type = _get_type, .is_mutual = _is_mutual, .get_msk = _get_msk, + .get_identifier = _get_identifier, + .set_identifier = _set_identifier, .destroy = _destroy, }, }, @@ -132,8 +147,11 @@ static eap_tls_t *eap_tls_create(identification_t *server, "charon.plugins.eap-tls.fragment_size", MAX_FRAGMENT_LEN); max_msg_count = lib->settings->get_int(lib->settings, "charon.plugins.eap-tls.max_message_count", MAX_MESSAGE_COUNT); + include_length = lib->settings->get_bool(lib->settings, + "charon.plugins.eap-tls.include_length", TRUE); tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TLS, NULL); - this->tls_eap = tls_eap_create(EAP_TLS, tls, frag_size, max_msg_count); + this->tls_eap = tls_eap_create(EAP_TLS, tls, frag_size, max_msg_count, + include_length); if (!this->tls_eap) { free(this); diff --git a/src/libcharon/plugins/eap_tls/eap_tls_plugin.c b/src/libcharon/plugins/eap_tls/eap_tls_plugin.c index a7c040bf4..7afb79819 100644 --- a/src/libcharon/plugins/eap_tls/eap_tls_plugin.c +++ b/src/libcharon/plugins/eap_tls/eap_tls_plugin.c @@ -19,6 +19,11 @@ #include <daemon.h> +METHOD(plugin_t, get_name, char*, + eap_tls_plugin_t *this) +{ + return "eap-tls"; +} METHOD(plugin_t, destroy, void, eap_tls_plugin_t *this) @@ -39,6 +44,8 @@ plugin_t *eap_tls_plugin_create() INIT(this, .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, ); diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in index db1f1c8c5..dfc052bf8 100644 --- a/src/libcharon/plugins/eap_tnc/Makefile.in +++ b/src/libcharon/plugins/eap_tnc/Makefile.in 
@@ -222,13 +222,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -249,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,14 +263,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.c b/src/libcharon/plugins/eap_tnc/eap_tnc.c index 7d708b3b9..ab3f87688 100644 --- a/src/libcharon/plugins/eap_tnc/eap_tnc.c +++ b/src/libcharon/plugins/eap_tnc/eap_tnc.c @@ -18,11 +18,7 @@ #include <tls_eap.h> #include <daemon.h> -<<<<<<< HEAD -#include <library.h> -======= #include <debug.h> ->>>>>>> upstream/4.5.1 typedef struct private_eap_tnc_t private_eap_tnc_t; @@ -96,6 +92,18 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } +METHOD(eap_method_t, get_identifier, u_int8_t, + private_eap_tnc_t *this) +{ + return this->tls_eap->get_identifier(this->tls_eap); +} + +METHOD(eap_method_t, set_identifier, void, + private_eap_tnc_t *this, u_int8_t identifier) +{ + this->tls_eap->set_identifier(this->tls_eap, identifier); +} + METHOD(eap_method_t, is_mutual, bool, private_eap_tnc_t *this) { 
@@ -118,11 +126,9 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, private_eap_tnc_t *this; size_t frag_size; int max_msg_count; -<<<<<<< HEAD -======= + bool include_length; char* protocol; tnccs_type_t type; ->>>>>>> upstream/4.5.1 tnccs_t *tnccs; INIT(this, @@ -133,6 +139,8 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, .get_type = _get_type, .is_mutual = _is_mutual, .get_msk = _get_msk, + .get_identifier = _get_identifier, + .set_identifier = _set_identifier, .destroy = _destroy, }, }, @@ -142,10 +150,9 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, "charon.plugins.eap-tnc.fragment_size", MAX_FRAGMENT_LEN); max_msg_count = lib->settings->get_int(lib->settings, "charon.plugins.eap-tnc.max_message_count", MAX_MESSAGE_COUNT); -<<<<<<< HEAD - tnccs = charon->tnccs->create_instance(charon->tnccs, TNCCS_1_1, is_server); -======= - protocol = lib->settings->get_str(lib->settings, + include_length = lib->settings->get_bool(lib->settings, + "charon.plugins.eap-tnc.include_length", TRUE); + protocol = lib->settings->get_str(lib->settings, "charon.plugins.eap-tnc.protocol", "tnccs-1.1"); if (strcaseeq(protocol, "tnccs-2.0")) { @@ -166,8 +173,8 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, return NULL; } tnccs = charon->tnccs->create_instance(charon->tnccs, type, is_server); ->>>>>>> upstream/4.5.1 - this->tls_eap = tls_eap_create(EAP_TNC, (tls_t*)tnccs, frag_size, max_msg_count); + this->tls_eap = tls_eap_create(EAP_TNC, (tls_t*)tnccs, frag_size, + max_msg_count, include_length); if (!this->tls_eap) { free(this); diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c b/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c index 7430e4cac..93847e636 100644 --- a/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c +++ b/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c 
@@ -18,6 +18,12 @@ #include <daemon.h> +METHOD(plugin_t, get_name, char*, + eap_tnc_plugin_t *this) +{ + return "eap-tnc"; +} + METHOD(plugin_t, destroy, void, eap_tnc_plugin_t *this) { @@ -37,6 +43,8 @@ plugin_t *eap_tnc_plugin_create() INIT(this, .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, ); diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in index 36121c7a7..d0d5341e2 100644 --- a/src/libcharon/plugins/eap_ttls/Makefile.in +++ b/src/libcharon/plugins/eap_ttls/Makefile.in @@ -225,13 +225,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -252,6 +246,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -270,14 +266,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c index a62af6ea4..7193bc9f0 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c 
@@ -93,6 +93,18 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } +METHOD(eap_method_t, get_identifier, u_int8_t, + private_eap_ttls_t *this) +{ + return this->tls_eap->get_identifier(this->tls_eap); +} + +METHOD(eap_method_t, set_identifier, void, + private_eap_ttls_t *this, u_int8_t identifier) +{ + this->tls_eap->set_identifier(this->tls_eap, identifier); +} + METHOD(eap_method_t, is_mutual, bool, private_eap_ttls_t *this) { @@ -116,6 +128,7 @@ static eap_ttls_t *eap_ttls_create(identification_t *server, private_eap_ttls_t *this; size_t frag_size; int max_msg_count; + bool include_length; tls_t *tls; INIT(this, @@ -125,6 +138,8 @@ static eap_ttls_t *eap_ttls_create(identification_t *server, .process = _process, .get_type = _get_type, .is_mutual = _is_mutual, + .get_identifier = _get_identifier, + .set_identifier = _set_identifier, .get_msk = _get_msk, .destroy = _destroy, }, @@ -139,8 +154,11 @@ static eap_ttls_t *eap_ttls_create(identification_t *server, "charon.plugins.eap-ttls.fragment_size", MAX_FRAGMENT_LEN); max_msg_count = lib->settings->get_int(lib->settings, "charon.plugins.eap-ttls.max_message_count", MAX_MESSAGE_COUNT); - tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TTLS, application); - this->tls_eap = tls_eap_create(EAP_TTLS, tls, frag_size, max_msg_count); + include_length = lib->settings->get_bool(lib->settings, + "charon.plugins.eap-ttls.include_length", TRUE); + tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TTLS, application); + this->tls_eap = tls_eap_create(EAP_TTLS, tls, frag_size, max_msg_count, + include_length); if (!this->tls_eap) { application->destroy(application); diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c index c8e099ad5..931eb2e89 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c 
@@ -64,17 +64,6 @@ struct private_eap_ttls_peer_t { eap_ttls_avp_t *avp; }; -/** - * EAP packet format - */ -typedef struct __attribute__((packed)) { - u_int8_t code; - u_int8_t identifier; - u_int16_t length; - u_int8_t type; - u_int8_t data; -} eap_packet_t; - #define MAX_RADIUS_ATTRIBUTE_SIZE 253 METHOD(tls_application_t, process, status_t, @@ -174,17 +163,30 @@ METHOD(tls_application_t, process, status_t, return FAILED; } + /* yet another phase2 authentication? */ + if (this->method) + { + type = this->method->get_type(this->method, &vendor); + + if (type != received_type || vendor != received_vendor) + { + this->method->destroy(this->method); + this->method = NULL; + } + } + if (this->method == NULL) { if (received_vendor) { - DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%d", - received_type, received_vendor); + DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%d " + "(id 0x%02X)", received_type, received_vendor, + in->get_identifier(in)); } else { - DBG1(DBG_IKE, "server requested %N authentication", - eap_type_names, received_type); + DBG1(DBG_IKE, "server requested %N authentication (id 0x%02X)", + eap_type_names, received_type, in->get_identifier(in)); } this->method = charon->eap->create_instance(charon->eap, received_type, received_vendor, @@ -196,19 +198,8 @@ METHOD(tls_application_t, process, status_t, in->destroy(in); return NEED_MORE; } -<<<<<<< HEAD -======= + type = this->method->get_type(this->method, &vendor); this->start_phase2 = FALSE; ->>>>>>> upstream/4.5.1 - } - - type = this->method->get_type(this->method, &vendor); - - if (type != received_type || vendor != received_vendor) - { - DBG1(DBG_IKE, "received invalid EAP request"); - in->destroy(in); - return FAILED; } status = this->method->process(this->method, in, &this->out); 
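Review bot: The added "yet another phase2 authentication?" block in `process` (eap_ttls_peer.c) destroys the running inner method whenever the request's type or vendor differs, where the removed lines answered the same mismatch with "received invalid EAP request" and `FAILED`. The switch is not logged, and nothing visible in these hunks bounds how often the tunnel peer may restart phase 2 with another method. I would log the discard before `this->method->destroy(this->method);`, for example `DBG1(DBG_IKE, "server switched phase2 EAP method, discarding previous method state");`. Whether the set of acceptable inner methods is restricted elsewhere cannot be told from here and is worth confirming. The body of `process` starts and ends outside these hunks.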
@@ -219,13 +210,8 @@ METHOD(tls_application_t, process, status_t, case SUCCESS: this->method->destroy(this->method); this->method = NULL; - return NEED_MORE; + /* fall through to NEED_MORE */ case NEED_MORE: - if (type != EAP_TNC) - { - this->method->destroy(this->method); - this->method = NULL; - } return NEED_MORE; case FAILED: default: diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c b/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c index 48e759dcc..cbc3929bb 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c @@ -19,6 +19,11 @@ #include <daemon.h> +METHOD(plugin_t, get_name, char*, + eap_ttls_plugin_t *this) +{ + return "eap-ttls"; +} METHOD(plugin_t, destroy, void, eap_ttls_plugin_t *this) @@ -39,6 +44,8 @@ plugin_t *eap_ttls_plugin_create() INIT(this, .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, ); diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in index 5f6354f32..4ba29472d 100644 --- a/src/libcharon/plugins/farp/Makefile.in +++ b/src/libcharon/plugins/farp/Makefile.in @@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/farp/farp_plugin.c b/src/libcharon/plugins/farp/farp_plugin.c index d83bc1fd2..a30c11962 100644 --- a/src/libcharon/plugins/farp/farp_plugin.c +++ b/src/libcharon/plugins/farp/farp_plugin.c @@ -43,6 +43,12 @@ struct private_farp_plugin_t { farp_spoofer_t *spoofer; }; +METHOD(plugin_t, get_name, char*, + private_farp_plugin_t *this) +{ + return "farp"; +} + METHOD(plugin_t, destroy, void, private_farp_plugin_t *this) { @@ -62,6 +68,8 @@ plugin_t *farp_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in index 8be700808..fe72c5c8e 100644 --- a/src/libcharon/plugins/ha/Makefile.in +++ b/src/libcharon/plugins/ha/Makefile.in @@ -222,13 +222,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -249,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -267,14 +263,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/ha/ha_child.c b/src/libcharon/plugins/ha/ha_child.c index 1a9425423..707add94d 100644 --- a/src/libcharon/plugins/ha/ha_child.c +++ b/src/libcharon/plugins/ha/ha_child.c @@ -91,6 +91,10 @@ METHOD(listener_t, child_keys, bool, { m->add_attribute(m, HA_ALG_INTEG, alg); } + if (proposal->get_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS, &alg, NULL)) + { + m->add_attribute(m, HA_ESN, alg); + } m->add_attribute(m, HA_NONCE_I, nonce_i); m->add_attribute(m, HA_NONCE_R, nonce_r); if (dh && dh->get_shared_secret(dh, &secret) == SUCCESS) diff --git a/src/libcharon/plugins/ha/ha_ctl.c b/src/libcharon/plugins/ha/ha_ctl.c index 698f73e12..15f7824f9 100644 --- a/src/libcharon/plugins/ha/ha_ctl.c +++ b/src/libcharon/plugins/ha/ha_ctl.c @@ -21,13 +21,8 @@ #include <fcntl.h> #include <unistd.h> #include <errno.h> -<<<<<<< HEAD -#include <pthread.h> - -======= #include <threading/thread.h> ->>>>>>> upstream/4.5.1 #include <processing/jobs/callback_job.h> #define HA_FIFO IPSEC_PIDDIR "/charon.ha" @@ -65,15 +60,6 @@ struct private_ha_ctl_t { */ static job_requeue_t dispatch_fifo(private_ha_ctl_t *this) { -<<<<<<< HEAD - int fifo, old; - char buf[8]; - u_int segment; - - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &old); - fifo = open(HA_FIFO, O_RDONLY); - pthread_setcancelstate(old, NULL); -======= int fifo; bool oldstate; char buf[8]; 
@@ -82,7 +68,6 @@ static job_requeue_t dispatch_fifo(private_ha_ctl_t *this) oldstate = thread_cancelability(TRUE); fifo = open(HA_FIFO, O_RDONLY); thread_cancelability(oldstate); ->>>>>>> upstream/4.5.1 if (fifo == -1) { DBG1(DBG_CFG, "opening HA fifo failed: %s", strerror(errno)); diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c index 1015c65d0..0d0df8dd1 100644 --- a/src/libcharon/plugins/ha/ha_dispatcher.c +++ b/src/libcharon/plugins/ha/ha_dispatcher.c @@ -462,6 +462,7 @@ static void process_child_add(private_ha_dispatcher_t *this, u_int16_t inbound_cpi = 0, outbound_cpi = 0; u_int8_t mode = MODE_TUNNEL, ipcomp = 0; u_int16_t encr = ENCR_UNDEFINED, integ = AUTH_UNDEFINED, len = 0; + u_int16_t esn = NO_EXT_SEQ_NUMBERS; u_int seg_i, seg_o; chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty, secret = chunk_empty; chunk_t encr_i, integ_i, encr_r, integ_r; @@ -512,6 +513,9 @@ static void process_child_add(private_ha_dispatcher_t *this, case HA_ALG_INTEG: integ = value.u16; break; + case HA_ESN: + esn = value.u16; + break; case HA_NONCE_I: nonce_i = value.chunk; break; @@ -558,6 +562,7 @@ static void process_child_add(private_ha_dispatcher_t *this, { proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, encr, len); } + proposal->add_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS, esn, 0); keymat = ike_sa->get_keymat(ike_sa); if (!keymat->derive_child_keys(keymat, proposal, secret.ptr ? &dh : NULL, 
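Review bot: In `process_child_add` (ha_dispatcher.c) the new `case HA_ESN:` copies `value.u16` from the sync message into `esn`, and the later added line passes it unchecked to `proposal->add_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS, esn, 0)`. Any 16-bit value the other node sends therefore reaches the proposal used by `derive_child_keys`. A range check at the point of use would be cheap, for example `if (esn != NO_EXT_SEQ_NUMBERS && esn != EXT_SEQ_NUMBERS)` followed by a `DBG1` and the function's existing failure path. How the HA sync channel is authenticated is not visible in this diff, and the function continues outside the hunks.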
@@ -596,15 +601,9 @@ static void process_child_add(private_ha_dispatcher_t *this, if (initiator) { if (child_sa->install(child_sa, encr_r, integ_r, inbound_spi, -<<<<<<< HEAD - inbound_cpi, TRUE, local_ts, remote_ts) != SUCCESS || - child_sa->install(child_sa, encr_i, integ_i, outbound_spi, - outbound_cpi, FALSE, local_ts, remote_ts) != SUCCESS) -======= inbound_cpi, TRUE, TRUE, local_ts, remote_ts) != SUCCESS || child_sa->install(child_sa, encr_i, integ_i, outbound_spi, outbound_cpi, FALSE, TRUE, local_ts, remote_ts) != SUCCESS) ->>>>>>> upstream/4.5.1 { failed = TRUE; } @@ -612,15 +611,9 @@ static void process_child_add(private_ha_dispatcher_t *this, else { if (child_sa->install(child_sa, encr_i, integ_i, inbound_spi, -<<<<<<< HEAD - inbound_cpi, TRUE, local_ts, remote_ts) != SUCCESS || - child_sa->install(child_sa, encr_r, integ_r, outbound_spi, - outbound_cpi, FALSE, local_ts, remote_ts) != SUCCESS) -======= inbound_cpi, TRUE, TRUE, local_ts, remote_ts) != SUCCESS || child_sa->install(child_sa, encr_r, integ_r, outbound_spi, outbound_cpi, FALSE, TRUE, local_ts, remote_ts) != SUCCESS) ->>>>>>> upstream/4.5.1 { failed = TRUE; } diff --git a/src/libcharon/plugins/ha/ha_message.c b/src/libcharon/plugins/ha/ha_message.c index 7ce9cbe09..f98f78dd4 100644 --- a/src/libcharon/plugins/ha/ha_message.c +++ b/src/libcharon/plugins/ha/ha_message.c @@ -234,6 +234,7 @@ METHOD(ha_message_t, add_attribute, void, case HA_INBOUND_CPI: case HA_OUTBOUND_CPI: case HA_SEGMENT: + case HA_ESN: { u_int16_t val; @@ -447,6 +448,7 @@ METHOD(enumerator_t, attribute_enumerate, bool, case HA_INBOUND_CPI: case HA_OUTBOUND_CPI: case HA_SEGMENT: + case HA_ESN: { if (this->buf.len < sizeof(u_int16_t)) { diff --git a/src/libcharon/plugins/ha/ha_message.h b/src/libcharon/plugins/ha/ha_message.h index 50e11830f..1f8eabd62 100644 --- a/src/libcharon/plugins/ha/ha_message.h +++ b/src/libcharon/plugins/ha/ha_message.h 
@@ -140,6 +140,8 @@ enum ha_message_attribute_t { HA_MID, /** u_int16_t, HA segment */ HA_SEGMENT, + /** u_int16_t, Extended Sequence numbers */ + HA_ESN, }; /** diff --git a/src/libcharon/plugins/ha/ha_plugin.c b/src/libcharon/plugins/ha/ha_plugin.c index 581294e60..b4bde5ea5 100644 --- a/src/libcharon/plugins/ha/ha_plugin.c +++ b/src/libcharon/plugins/ha/ha_plugin.c @@ -91,6 +91,12 @@ struct private_ha_plugin_t { ha_attribute_t *attr; }; +METHOD(plugin_t, get_name, char*, + private_ha_plugin_t *this) +{ + return "ha"; +} + METHOD(plugin_t, destroy, void, private_ha_plugin_t *this) { @@ -144,6 +150,8 @@ plugin_t *ha_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libcharon/plugins/ha/ha_segments.c b/src/libcharon/plugins/ha/ha_segments.c index a83c1fd43..7c7bef851 100644 --- a/src/libcharon/plugins/ha/ha_segments.c +++ b/src/libcharon/plugins/ha/ha_segments.c @@ -15,18 +15,10 @@ #include "ha_segments.h" -<<<<<<< HEAD -#include <pthread.h> - -#include <threading/mutex.h> -#include <threading/condvar.h> -#include <utils/linked_list.h> -======= #include <threading/mutex.h> #include <threading/condvar.h> #include <utils/linked_list.h> #include <threading/thread.h> ->>>>>>> upstream/4.5.1 #include <processing/jobs/callback_job.h> #define DEFAULT_HEARTBEAT_DELAY 1000 @@ -262,18 +254,6 @@ METHOD(listener_t, alert_hook, bool, */ static job_requeue_t watchdog(private_ha_segments_t *this) { -<<<<<<< HEAD - int oldstate; - bool timeout; - - this->mutex->lock(this->mutex); - pthread_cleanup_push((void*)this->mutex->unlock, this->mutex); - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); - timeout = this->condvar->timed_wait(this->condvar, this->mutex, - this->heartbeat_timeout); - pthread_setcancelstate(oldstate, NULL); - pthread_cleanup_pop(TRUE); -======= bool timeout, oldstate; this->mutex->lock(this->mutex); 
@@ -283,7 +263,6 @@ static job_requeue_t watchdog(private_ha_segments_t *this) this->heartbeat_timeout); thread_cancelability(oldstate); thread_cleanup_pop(TRUE); ->>>>>>> upstream/4.5.1 if (timeout) { DBG1(DBG_CFG, "no heartbeat received, taking all segments"); diff --git a/src/libcharon/plugins/ha/ha_socket.c b/src/libcharon/plugins/ha/ha_socket.c index 29734bea3..086178442 100644 --- a/src/libcharon/plugins/ha/ha_socket.c +++ b/src/libcharon/plugins/ha/ha_socket.c @@ -20,17 +20,10 @@ #include <sys/socket.h> #include <errno.h> #include <unistd.h> -<<<<<<< HEAD -#include <pthread.h> - -#include <daemon.h> -#include <utils/host.h> -======= #include <daemon.h> #include <utils/host.h> #include <threading/thread.h> ->>>>>>> upstream/4.5.1 #include <processing/jobs/callback_job.h> typedef struct private_ha_socket_t private_ha_socket_t; @@ -128,21 +121,12 @@ METHOD(ha_socket_t, pull, ha_message_t*, { ha_message_t *message; char buf[1024]; -<<<<<<< HEAD - int oldstate; - ssize_t len; - - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); - len = recv(this->fd, buf, sizeof(buf), 0); - pthread_setcancelstate(oldstate, NULL); -======= bool oldstate; ssize_t len; oldstate = thread_cancelability(TRUE); len = recv(this->fd, buf, sizeof(buf), 0); thread_cancelability(oldstate); ->>>>>>> upstream/4.5.1 if (len <= 0) { switch (errno) diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c index 6021ece01..299053ec1 100644 --- a/src/libcharon/plugins/ha/ha_tunnel.c +++ b/src/libcharon/plugins/ha/ha_tunnel.c 
@@ -223,13 +223,8 @@ static void setup_tunnel(private_ha_tunnel_t *this, peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE); child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE, MODE_TRANSPORT, -<<<<<<< HEAD - ACTION_NONE, ACTION_NONE, FALSE, 0, 0, - NULL, NULL); -======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); ->>>>>>> upstream/4.5.1 ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535); diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in index 0684599f8..db3a7c702 100644 --- a/src/libcharon/plugins/led/Makefile.in +++ b/src/libcharon/plugins/led/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/led/led_plugin.c b/src/libcharon/plugins/led/led_plugin.c index 322d198ff..b6b69b466 100644 
--- a/src/libcharon/plugins/led/led_plugin.c +++ b/src/libcharon/plugins/led/led_plugin.c @@ -37,6 +37,12 @@ struct private_led_plugin_t { led_listener_t *listener; }; +METHOD(plugin_t, get_name, char*, + private_led_plugin_t *this) +{ + return "led"; +} + METHOD(plugin_t, destroy, void, private_led_plugin_t *this) { @@ -55,6 +61,8 @@ plugin_t *led_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in index 91bae2d05..1e9a5fe82 100644 --- a/src/libcharon/plugins/load_tester/Makefile.in +++ b/src/libcharon/plugins/load_tester/Makefile.in @@ -225,13 +225,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -252,6 +246,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -270,14 +266,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c index 65fb5100e..71391d593 100644 
--- a/src/libcharon/plugins/load_tester/load_tester_config.c +++ b/src/libcharon/plugins/load_tester/load_tester_config.c @@ -224,13 +224,8 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) } child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, MODE_TUNNEL, -<<<<<<< HEAD - ACTION_NONE, ACTION_NONE, FALSE, 0, 0, - NULL, NULL); -======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); ->>>>>>> upstream/4.5.1 proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1"); child_cfg->add_proposal(child_cfg, proposal); ts = traffic_selector_create_dynamic(0, 0, 65535); diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c index 701fd59e4..fdec5300e 100644 --- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c +++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c @@ -52,14 +52,10 @@ METHOD(kernel_ipsec_t, get_cpi, status_t, METHOD(kernel_ipsec_t, add_sa, status_t, private_load_tester_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, -<<<<<<< HEAD - lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, -======= u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, ->>>>>>> upstream/4.5.1 u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, - u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts) + u_int16_t cpi, bool encap, bool esn, bool inbound, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { return SUCCESS; } diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c index f93cdf154..94115e307 100644 --- a/src/libcharon/plugins/load_tester/load_tester_plugin.c +++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c 
@@ -28,11 +28,8 @@ #include <threading/condvar.h> #include <threading/mutex.h> -<<<<<<< HEAD -======= static const char *plugin_name = "load_tester"; ->>>>>>> upstream/4.5.1 typedef struct private_load_tester_plugin_t private_load_tester_plugin_t; /** @@ -149,10 +146,14 @@ static job_requeue_t do_load_test(private_load_tester_plugin_t *this) return JOB_REQUEUE_NONE; } -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_load_tester_plugin_t *this) +METHOD(plugin_t, get_name, char*, + private_load_tester_plugin_t *this) +{ + return "load-tester"; +} + +METHOD(plugin_t, destroy, void, + private_load_tester_plugin_t *this) { this->iterations = -1; this->mutex->lock(this->mutex); 
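Review bot: The new `get_name` in load_tester_plugin.c returns "load-tester", while the file-level `plugin_name` kept by the first hunk is "load_tester" (underscore), and that is the string handed to `lib->crypto->add_dh(lib->crypto, MODP_NULL, plugin_name, ...)` in `load_tester_plugin_create`. The plugin therefore reports one name and registers its DH implementation under another. The settings keys use the hyphenated form, so I would change the constant to `static const char *plugin_name = "load-tester";`. Whether any code compares the two names is not visible here.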
@@ -191,36 +192,39 @@ plugin_t *load_tester_plugin_create() return NULL; } - this = malloc_thing(private_load_tester_plugin_t); - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + .delay = lib->settings->get_int(lib->settings, + "charon.plugins.load-tester.delay", 0), + .iterations = lib->settings->get_int(lib->settings, + "charon.plugins.load-tester.iterations", 1), + .initiators = lib->settings->get_int(lib->settings, + "charon.plugins.load-tester.initiators", 0), + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), + .config = load_tester_config_create(), + .creds = load_tester_creds_create(), + .listener = load_tester_listener_create(shutdown_on), + ); -<<<<<<< HEAD - lib->crypto->add_dh(lib->crypto, MODP_NULL, -======= lib->crypto->add_dh(lib->crypto, MODP_NULL, plugin_name, ->>>>>>> upstream/4.5.1 (dh_constructor_t)load_tester_diffie_hellman_create); + charon->backends->add_backend(charon->backends, &this->config->backend); + lib->credmgr->add_set(lib->credmgr, &this->creds->credential_set); + charon->bus->add_listener(charon->bus, &this->listener->listener); - this->delay = lib->settings->get_int(lib->settings, - "charon.plugins.load-tester.delay", 0); - this->iterations = lib->settings->get_int(lib->settings, - "charon.plugins.load-tester.iterations", 1); - this->initiators = lib->settings->get_int(lib->settings, - "charon.plugins.load-tester.initiators", 0); if (lib->settings->get_bool(lib->settings, "charon.plugins.load-tester.shutdown_when_complete", 0)) { shutdown_on = this->iterations * this->initiators; } - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); - this->config = load_tester_config_create(); - this->creds = load_tester_creds_create(); - this->listener = load_tester_listener_create(shutdown_on); - 
charon->backends->add_backend(charon->backends, &this->config->backend); - lib->credmgr->add_set(lib->credmgr, &this->creds->credential_set); - charon->bus->add_listener(charon->bus, &this->listener->listener); if (lib->settings->get_bool(lib->settings, "charon.plugins.load-tester.fake_kernel", FALSE)) diff --git a/src/libcharon/plugins/maemo/Makefile.am b/src/libcharon/plugins/maemo/Makefile.am index 95a76fe90..0bf7fad5d 100644 --- a/src/libcharon/plugins/maemo/Makefile.am +++ b/src/libcharon/plugins/maemo/Makefile.am @@ -19,13 +19,9 @@ libstrongswan_maemo_la_LIBADD = ${maemo_LIBS} dbusservice_DATA = org.strongswan.charon.service -<<<<<<< HEAD -EXTRA_DIST = $(dbusservice_DATA) -======= org.strongswan.charon.service: $(srcdir)/org.strongswan.charon.service.in sed -e 's|[@]LIBEXECDIR[@]|$(libexecdir)|' $< >$@ EXTRA_DIST = org.strongswan.charon.service.in CLEANFILES = $(dbusservice_DATA) ->>>>>>> upstream/4.5.1 diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in index cfa6e6115..27e72295c 100644 --- a/src/libcharon/plugins/maemo/Makefile.in +++ b/src/libcharon/plugins/maemo/Makefile.in @@ -224,13 +224,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -251,6 +245,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
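Review bot: In `load_tester_plugin_create`, `shutdown_on` is now passed to `load_tester_listener_create()` inside the `INIT(...)` initializer, before the `shutdown_when_complete` block further down assigns `this->iterations * this->initiators` to it. The listener therefore gets whatever value the variable had at its declaration (outside this hunk), and the setting appears to have no effect; the removed code computed the value first and created the listener afterwards. Because the computation needs `this->iterations` and `this->initiators`, one fix is to drop `.listener` from `INIT` and, after the `if` block, add `this->listener = load_tester_listener_create(shutdown_on);` followed by the `charon->bus->add_listener(charon->bus, &this->listener->listener);` call moved down from its current place. The function's opening and tail are outside the hunk.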
@@ -269,14 +265,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -297,12 +291,8 @@ libstrongswan_maemo_la_SOURCES = \ libstrongswan_maemo_la_LDFLAGS = -module -avoid-version libstrongswan_maemo_la_LIBADD = ${maemo_LIBS} dbusservice_DATA = org.strongswan.charon.service -<<<<<<< HEAD -EXTRA_DIST = $(dbusservice_DATA) -======= EXTRA_DIST = org.strongswan.charon.service.in CLEANFILES = $(dbusservice_DATA) ->>>>>>> upstream/4.5.1 all: all-am .SUFFIXES: @@ -542,10 +532,7 @@ install-strip: mostlyclean-generic: clean-generic: -<<<<<<< HEAD -======= -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) ->>>>>>> upstream/4.5.1 distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) @@ -644,12 +631,9 @@ uninstall-am: uninstall-dbusserviceDATA uninstall-pluginLTLIBRARIES uninstall-pluginLTLIBRARIES -<<<<<<< HEAD -======= org.strongswan.charon.service: $(srcdir)/org.strongswan.charon.service.in sed -e 's|[@]LIBEXECDIR[@]|$(libexecdir)|' $< >$@ ->>>>>>> upstream/4.5.1 # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libcharon/plugins/maemo/maemo_plugin.c b/src/libcharon/plugins/maemo/maemo_plugin.c index d4549f43a..38cb031b5 100644 --- a/src/libcharon/plugins/maemo/maemo_plugin.c +++ b/src/libcharon/plugins/maemo/maemo_plugin.c 
@@ -34,11 +34,16 @@ struct private_maemo_plugin_t { * service */ maemo_service_t *service; - }; +METHOD(plugin_t, get_name, char*, + private_maemo_plugin_t *this) +{ + return "maemo"; +} + METHOD(plugin_t, destroy, void, - private_maemo_plugin_t *this) + private_maemo_plugin_t *this) { this->service->destroy(this->service); free(this); @@ -54,6 +59,8 @@ plugin_t *maemo_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c index 38ac6f8fc..0e9fd8ccc 100644 --- a/src/libcharon/plugins/maemo/maemo_service.c +++ b/src/libcharon/plugins/maemo/maemo_service.c @@ -115,20 +115,11 @@ METHOD(listener_t, ike_updown, bool, return TRUE; } -<<<<<<< HEAD -METHOD(listener_t, child_state_change, bool, - private_maemo_service_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, - child_sa_state_t state) -{ - /* this call back is only registered during initiation */ - if (this->ike_sa == ike_sa && state == CHILD_DESTROYING) -======= METHOD(listener_t, ike_state_change, bool, private_maemo_service_t *this, ike_sa_t *ike_sa, ike_sa_state_t state) { /* this call back is only registered during initiation */ if (this->ike_sa == ike_sa && state == IKE_DESTROYING) ->>>>>>> upstream/4.5.1 { change_status(this, VPN_STATUS_CONNECTION_FAILED); return FALSE; @@ -146,11 +137,7 @@ METHOD(listener_t, child_updown, bool, { /* disable hooks registered to catch initiation failures */ this->public.listener.ike_updown = NULL; -<<<<<<< HEAD - this->public.listener.child_state_change = NULL; -======= this->public.listener.ike_state_change = NULL; ->>>>>>> upstream/4.5.1 change_status(this, VPN_STATUS_CONNECTED); } else 
@@ -359,11 +346,7 @@ static gboolean initiate_connection(private_maemo_service_t *this, child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, -<<<<<<< HEAD - FALSE, 0, 0, NULL, NULL); -======= ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); ->>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); @@ -387,11 +370,7 @@ static gboolean initiate_connection(private_maemo_service_t *this, this->ike_sa = ike_sa; this->status = VPN_STATUS_CONNECTING; this->public.listener.ike_updown = _ike_updown; -<<<<<<< HEAD - this->public.listener.child_state_change = _child_state_change; -======= this->public.listener.ike_state_change = _ike_state_change; ->>>>>>> upstream/4.5.1 charon->bus->add_listener(charon->bus, &this->public.listener); if (ike_sa->initiate(ike_sa, child_cfg, 0, NULL, NULL) != SUCCESS) @@ -484,11 +463,7 @@ maemo_service_t *maemo_service_create() .public = { .listener = { .ike_updown = _ike_updown, -<<<<<<< HEAD - .child_state_change = _child_state_change, -======= .ike_state_change = _ike_state_change, ->>>>>>> upstream/4.5.1 .child_updown = _child_updown, .ike_rekey = _ike_rekey, }, diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in index 5f965cb8a..83b457b46 100644 --- a/src/libcharon/plugins/medcli/Makefile.in +++ b/src/libcharon/plugins/medcli/Makefile.in @@ -222,13 +222,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -249,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,14 +263,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c index c2e8aad12..b5672dba9 100644 --- a/src/libcharon/plugins/medcli/medcli_config.c +++ b/src/libcharon/plugins/medcli/medcli_config.c @@ -182,13 +182,8 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, -<<<<<<< HEAD - ACTION_NONE, ACTION_NONE, FALSE, 0, 0, - NULL, NULL); -======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); ->>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net)); 
@@ -266,13 +261,8 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) this->current->add_auth_cfg(this->current, auth, FALSE); child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, -<<<<<<< HEAD - ACTION_NONE, ACTION_NONE, FALSE, 0, 0, - NULL, NULL); -======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); ->>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net)); diff --git a/src/libcharon/plugins/medcli/medcli_plugin.c b/src/libcharon/plugins/medcli/medcli_plugin.c index 6befbf440..469915476 100644 --- a/src/libcharon/plugins/medcli/medcli_plugin.c +++ b/src/libcharon/plugins/medcli/medcli_plugin.c @@ -54,10 +54,14 @@ struct private_medcli_plugin_t { medcli_listener_t *listener; }; -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_medcli_plugin_t *this) +METHOD(plugin_t, get_name, char*, + private_medcli_plugin_t *this) +{ + return "medcli"; +} + +METHOD(plugin_t, destroy, void, + private_medcli_plugin_t *this) { charon->bus->remove_listener(charon->bus, &this->listener->listener); charon->backends->remove_backend(charon->backends, &this->config->backend); @@ -75,9 +79,17 @@ static void destroy(private_medcli_plugin_t *this) plugin_t *medcli_plugin_create() { char *uri; - private_medcli_plugin_t *this = malloc_thing(private_medcli_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + private_medcli_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + ); uri = lib->settings->get_str(lib->settings, "medcli.database", NULL); diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in index d90ac0149..068f311a5 100644 
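Review bot: `.reload = (void*)return_false` in `medcli_plugin_create` casts a function to `void*`, which switches off the compiler's check that the callback matches the prototype of the `reload` member, and ISO C does not define a conversion between function pointers and `void*`. Cast to the member's exact function-pointer type instead, or add a small `METHOD(plugin_t, reload, ...)` stub that returns FALSE, with a comment such as `/* no reloadable state */`. The member's declaration is not part of this diff, so its return type needs confirming. The same initializer appears in the medsrv, nm, smp, socket_default, socket_dynamic and socket_raw plugin hunks.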
--- a/src/libcharon/plugins/medsrv/Makefile.in +++ b/src/libcharon/plugins/medsrv/Makefile.in @@ -222,13 +222,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -249,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,14 +263,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/medsrv/medsrv_plugin.c b/src/libcharon/plugins/medsrv/medsrv_plugin.c index c150346cb..5df46d04f 100644 --- a/src/libcharon/plugins/medsrv/medsrv_plugin.c +++ b/src/libcharon/plugins/medsrv/medsrv_plugin.c @@ -48,10 +48,14 @@ struct private_medsrv_plugin_t { medsrv_config_t *config; }; -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_medsrv_plugin_t *this) +METHOD(plugin_t, get_name, char*, + private_medsrv_plugin_t *this) +{ + return "medsrv"; +} + +METHOD(plugin_t, destroy, void, + private_medsrv_plugin_t *this) { charon->backends->remove_backend(charon->backends, &this->config->backend); lib->credmgr->remove_set(lib->credmgr, &this->creds->set); 
@@ -67,9 +71,17 @@ static void destroy(private_medsrv_plugin_t *this) plugin_t *medsrv_plugin_create() { char *uri; - private_medsrv_plugin_t *this = malloc_thing(private_medsrv_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + private_medsrv_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + ); uri = lib->settings->get_str(lib->settings, "medsrv.database", NULL); diff --git a/src/libcharon/plugins/nm/Makefile.in b/src/libcharon/plugins/nm/Makefile.in index 9ad535ea8..308d27229 100644 --- a/src/libcharon/plugins/nm/Makefile.in +++ b/src/libcharon/plugins/nm/Makefile.in @@ -221,13 +221,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -248,6 +242,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -266,14 +262,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/nm/nm_creds.c b/src/libcharon/plugins/nm/nm_creds.c index 869520c6c..ea98c056d 100644 --- a/src/libcharon/plugins/nm/nm_creds.c +++ b/src/libcharon/plugins/nm/nm_creds.c 
@@ -400,11 +400,7 @@ static void set_username_password(private_nm_creds_t *this, identification_t *id DESTROY_IF(this->user); this->user = id->clone(id); free(this->pass); -<<<<<<< HEAD - this->pass = password ? strdup(password) : NULL; -======= this->pass = strdupnull(password); ->>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } @@ -415,11 +411,7 @@ static void set_key_password(private_nm_creds_t *this, char *password) { this->lock->write_lock(this->lock); free(this->keypass); -<<<<<<< HEAD - this->keypass = password ? strdup(password) : NULL; -======= this->keypass = strdupnull(password); ->>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } @@ -431,11 +423,7 @@ static void set_pin(private_nm_creds_t *this, chunk_t keyid, char *pin) this->lock->write_lock(this->lock); free(this->keypass); free(this->keyid.ptr); -<<<<<<< HEAD - this->keypass = pin ? strdup(pin) : NULL; -======= this->keypass = strdupnull(pin); ->>>>>>> upstream/4.5.1 this->keyid = chunk_clone(keyid); this->lock->unlock(this->lock); } diff --git a/src/libcharon/plugins/nm/nm_plugin.c b/src/libcharon/plugins/nm/nm_plugin.c index fd0580bd6..f1d3be7a5 100644 --- a/src/libcharon/plugins/nm/nm_plugin.c +++ b/src/libcharon/plugins/nm/nm_plugin.c @@ -67,10 +67,14 @@ static job_requeue_t run(private_nm_plugin_t *this) return JOB_REQUEUE_NONE; } -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_nm_plugin_t *this) +METHOD(plugin_t, get_name, char*, + private_nm_plugin_t *this) +{ + return "nm"; +} + +METHOD(plugin_t, destroy, void, + private_nm_plugin_t *this) { if (this->loop) { 
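Review bot: `set_username_password`, `set_key_password` and `set_pin` in nm_creds.c release the previous password or PIN with a plain `free()`, so the old secret stays readable in freed heap memory until it is reused. Wipe it before freeing, for example `if (this->pass) memwipe(this->pass, strlen(this->pass));` ahead of `free(this->pass);` and likewise for `this->keypass`, assuming the library's `memwipe()` helper is available in this tree. The switch to `strdupnull()` does not change this. Whether the destructor clears these fields cannot be seen from the hunks.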
@@ -96,22 +100,29 @@ static void destroy(private_nm_plugin_t *this) */ plugin_t *nm_plugin_create() { - private_nm_plugin_t *this = malloc_thing(private_nm_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + private_nm_plugin_t *this; - this->loop = NULL; g_type_init (); if (!g_thread_supported()) { g_thread_init(NULL); } - this->creds = nm_creds_create(); - this->handler = nm_handler_create(); + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + .creds = nm_creds_create(), + .handler = nm_handler_create(), + .plugin = nm_strongswan_plugin_new(this->creds, this->handler), + ); + hydra->attributes->add_handler(hydra->attributes, &this->handler->handler); lib->credmgr->add_set(lib->credmgr, &this->creds->set); - this->plugin = nm_strongswan_plugin_new(this->creds, this->handler); if (!this->plugin) { DBG1(DBG_CFG, "DBUS binding failed"); diff --git a/src/libcharon/plugins/nm/nm_service.c b/src/libcharon/plugins/nm/nm_service.c index e32fe65dd..4300b57cf 100644 --- a/src/libcharon/plugins/nm/nm_service.c +++ b/src/libcharon/plugins/nm/nm_service.c @@ -518,13 +518,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, child_cfg = child_cfg_create(priv->name, &lifetime, NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */ -<<<<<<< HEAD - ACTION_NONE, ACTION_NONE, ipcomp, 0, 0, - NULL, NULL); -======= ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp, 0, 0, NULL, NULL, 0); ->>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in index bac03bd03..e36fa6bb4 100644 --- a/src/libcharon/plugins/smp/Makefile.in +++ b/src/libcharon/plugins/smp/Makefile.in 
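Review bot: In `nm_plugin_create` the initializer `.plugin = nm_strongswan_plugin_new(this->creds, this->handler)` sits inside `INIT(this, ...)`, so `this->creds` and `this->handler` are read while the initializer list is still being evaluated. If INIT allocates first and then assigns a compound literal (its definition is not part of this diff), those reads see freshly allocated, unset memory rather than the objects created by the two initializers above, and the NetworkManager plugin object is handed indeterminate pointers. Drop the `.plugin` initializer and keep the call outside the macro as the old code did: `this->plugin = nm_strongswan_plugin_new(this->creds, this->handler);` directly after `INIT(...)`, ahead of the `if (!this->plugin)` check.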
@@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c index 60937f23d..d20f32248 100644 --- a/src/libcharon/plugins/smp/smp.c +++ b/src/libcharon/plugins/smp/smp.c @@ -707,10 +707,14 @@ static job_requeue_t dispatch(private_smp_t *this) return JOB_REQUEUE_DIRECT; } -/** - * Implementation of itnerface_t.destroy. - */ -static void destroy(private_smp_t *this) +METHOD(plugin_t, get_name, char*, + private_smp_t *this) +{ + return "smp"; +} + +METHOD(plugin_t, destroy, void, + private_smp_t *this) { this->job->cancel(this->job); close(this->socket); 
@@ -723,10 +727,18 @@ static void destroy(private_smp_t *this) plugin_t *smp_plugin_create() { struct sockaddr_un unix_addr = { AF_UNIX, IPSEC_PIDDIR "/charon.xml"}; - private_smp_t *this = malloc_thing(private_smp_t); + private_smp_t *this; mode_t old; - this->public.plugin.destroy = (void (*)(plugin_t*))destroy; + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + ); /* set up unix socket */ this->socket = socket(AF_UNIX, SOCK_STREAM, 0); diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in index e9fc5ef07..95cb04d14 100644 --- a/src/libcharon/plugins/socket_default/Makefile.in +++ b/src/libcharon/plugins/socket_default/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ 
diff --git a/src/libcharon/plugins/socket_default/socket_default_plugin.c b/src/libcharon/plugins/socket_default/socket_default_plugin.c index b5dea68b6..1bc8244d5 100644 --- a/src/libcharon/plugins/socket_default/socket_default_plugin.c +++ b/src/libcharon/plugins/socket_default/socket_default_plugin.c @@ -32,9 +32,14 @@ struct private_socket_default_plugin_t { * Implements plugin interface */ socket_default_plugin_t public; - }; +METHOD(plugin_t, get_name, char*, + private_socket_default_plugin_t *this) +{ + return "socket-default"; +} + METHOD(plugin_t, destroy, void, private_socket_default_plugin_t *this) { @@ -53,6 +58,8 @@ plugin_t *socket_default_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in index 6059d98a1..97e3a713d 100644 --- a/src/libcharon/plugins/socket_dynamic/Makefile.in +++ b/src/libcharon/plugins/socket_dynamic/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c index a6ff14efd..c5ea37a10 100644 --- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c +++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c @@ -32,9 +32,14 @@ struct private_socket_dynamic_plugin_t { * Implements plugin interface */ socket_dynamic_plugin_t public; - }; +METHOD(plugin_t, get_name, char*, + private_socket_dynamic_plugin_t *this) +{ + return "socket-dynamic"; +} + METHOD(plugin_t, destroy, void, private_socket_dynamic_plugin_t *this) { @@ -53,6 +58,8 @@ plugin_t *socket_dynamic_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libcharon/plugins/socket_raw/Makefile.in b/src/libcharon/plugins/socket_raw/Makefile.in index fe30169b5..6f1a09c88 100644 --- a/src/libcharon/plugins/socket_raw/Makefile.in +++ b/src/libcharon/plugins/socket_raw/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/socket_raw/socket_raw_plugin.c b/src/libcharon/plugins/socket_raw/socket_raw_plugin.c index 17a3a8db7..5bd28bd42 100644 --- a/src/libcharon/plugins/socket_raw/socket_raw_plugin.c +++ b/src/libcharon/plugins/socket_raw/socket_raw_plugin.c @@ -32,9 +32,14 @@ struct private_socket_raw_plugin_t { * Implements plugin interface */ socket_raw_plugin_t public; - }; +METHOD(plugin_t, get_name, char*, + private_socket_raw_plugin_t *this) +{ + return "socket-raw"; +} + METHOD(plugin_t, destroy, void, private_socket_raw_plugin_t *this) { @@ -53,6 +58,8 @@ plugin_t *socket_raw_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in index 2446e257d..d7b43dcc9 100644 --- a/src/libcharon/plugins/sql/Makefile.in +++ b/src/libcharon/plugins/sql/Makefile.in 
@@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index 0ca481bb9..dc016012c 100644 --- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c @@ -1,9 +1,6 @@ /* * Copyright (C) 2006-2008 Martin Willi -<<<<<<< HEAD -======= * Copyright (C) 2010 Andreas Steffen ->>>>>>> upstream/4.5.1 * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it 
@@ -42,21 +39,13 @@ struct private_sql_config_t { }; /** -<<<<<<< HEAD - * forward declaration -======= * Forward declaration ->>>>>>> upstream/4.5.1 */ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, identification_t *me, identification_t *other); /** -<<<<<<< HEAD - * build a traffic selector from a SQL query -======= * Build a traffic selector from an SQL query ->>>>>>> upstream/4.5.1 */ static traffic_selector_t *build_traffic_selector(private_sql_config_t *this, enumerator_t *e, bool *local) @@ -131,18 +120,6 @@ static void add_traffic_selectors(private_sql_config_t *this, } /** -<<<<<<< HEAD - * build a Child configuration from a SQL query - */ -static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) -{ - int id, lifetime, rekeytime, jitter, hostaccess, mode, dpd, close, ipcomp; - char *name, *updown; - child_cfg_t *child_cfg; - - if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, - &updown, &hostaccess, &mode, &dpd, &close, &ipcomp)) -======= * Add ESP proposals to a child config */ static void add_esp_proposals(private_sql_config_t *this, @@ -191,21 +168,14 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, &updown, &hostaccess, &mode, &start, &dpd, &close, &ipcomp, &reqid)) ->>>>>>> upstream/4.5.1 { lifetime_cfg_t lft = { .time = { .life = lifetime, .rekey = rekeytime, .jitter = jitter } }; child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode, -<<<<<<< HEAD - dpd, close, ipcomp, 0, 0, NULL, NULL); - /* TODO: read proposal from db */ - child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); -======= start, dpd, close, ipcomp, 0, reqid, NULL, NULL, 0); add_esp_proposals(this, child_cfg, id); ->>>>>>> upstream/4.5.1 add_traffic_selectors(this, child_cfg, id); return child_cfg; } 
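Review bot: `build_child_cfg` in sql_config.c passes `mode`, `start`, `dpd` and `close` straight from the database row into `child_cfg_create()`, and the visible lines contain no range check, so an out-of-range integer in `child_configs` becomes an invalid enum value inside the daemon. `start_action` is new in this query and presumably decides whether a connection is brought up without a request, so it deserves the check most. I would clamp to the safe value and log, e.g. `if (start < ACTION_NONE || start > ACTION_RESTART) start = ACTION_NONE;`, assuming `ACTION_RESTART` is the last `action_t` value, and do the same for `dpd` and `close`. The function starts outside the hunk, so an existing check above it would make this moot.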
@@ -221,15 +191,6 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id) child_cfg_t *child_cfg; e = this->db->query(this->db, -<<<<<<< HEAD - "SELECT id, name, lifetime, rekeytime, jitter, " - "updown, hostaccess, mode, dpd_action, close_action, ipcomp " - "FROM child_configs JOIN peer_config_child_config ON id = child_cfg " - "WHERE peer_cfg = ?", - DB_INT, id, - DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, - DB_TEXT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT); -======= "SELECT id, name, lifetime, rekeytime, jitter, updown, hostaccess, " "mode, start_action, dpd_action, close_action, ipcomp, reqid " "FROM child_configs JOIN peer_config_child_config ON id = child_cfg " @@ -237,7 +198,6 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id) DB_INT, id, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT); ->>>>>>> upstream/4.5.1 if (e) { while ((child_cfg = build_child_cfg(this, e))) @@ -249,9 +209,6 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id) } /** -<<<<<<< HEAD - * build a ike configuration from a SQL query -======= * Add IKE proposals to an IKE config */ static void add_ike_proposals(private_sql_config_t *this, 
@@ -290,44 +247,27 @@ static void add_ike_proposals(private_sql_config_t *this, /** * Build an IKE config from an SQL query ->>>>>>> upstream/4.5.1 */ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e, host_t *my_host, host_t *other_host) { -<<<<<<< HEAD - int certreq, force_encap; - char *local, *remote; - - while (e->enumerate(e, &certreq, &force_encap, &local, &remote)) -======= int id, certreq, force_encap; char *local, *remote; while (e->enumerate(e, &id, &certreq, &force_encap, &local, &remote)) ->>>>>>> upstream/4.5.1 { ike_cfg_t *ike_cfg; ike_cfg = ike_cfg_create(certreq, force_encap, local, IKEV2_UDP_PORT, remote, IKEV2_UDP_PORT); -<<<<<<< HEAD - /* TODO: read proposal from db */ - ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); -======= add_ike_proposals(this, ike_cfg, id); ->>>>>>> upstream/4.5.1 return ike_cfg; } return NULL; } /** -<<<<<<< HEAD - * Query a IKE config by its id -======= * Query an IKE config by its id ->>>>>>> upstream/4.5.1 */ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id) { @@ -335,17 +275,10 @@ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id) ike_cfg_t *ike_cfg = NULL; e = this->db->query(this->db, -<<<<<<< HEAD - "SELECT certreq, force_encap, local, remote " - "FROM ike_configs WHERE id = ?", - DB_INT, id, - DB_INT, DB_INT, DB_TEXT, DB_TEXT); -======= "SELECT id, certreq, force_encap, local, remote " "FROM ike_configs WHERE id = ?", DB_INT, id, DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT); ->>>>>>> upstream/4.5.1 if (e) { ike_cfg = build_ike_cfg(this, e, NULL, NULL); @@ -388,11 +321,7 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id) } /** -<<<<<<< HEAD - * build a peer configuration from a SQL query -======= * Build a peer config from an SQL query ->>>>>>> upstream/4.5.1 */ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, identification_t *me, identification_t *other) 
@@ -471,15 +400,8 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, return NULL; } -<<<<<<< HEAD -/** - * implements backend_t.get_peer_cfg_by_name. - */ -static peer_cfg_t *get_peer_cfg_by_name(private_sql_config_t *this, char *name) -======= METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, private_sql_config_t *this, char *name) ->>>>>>> upstream/4.5.1 { enumerator_t *e; peer_cfg_t *peer_cfg = NULL; @@ -549,16 +471,8 @@ static void ike_enumerator_destroy(ike_enumerator_t *this) free(this); } -<<<<<<< HEAD -/** - * Implementation of backend_t.create_ike_cfg_enumerator. - */ -static enumerator_t* create_ike_cfg_enumerator(private_sql_config_t *this, - host_t *me, host_t *other) -======= METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, private_sql_config_t *this, host_t *me, host_t *other) ->>>>>>> upstream/4.5.1 { ike_enumerator_t *e = malloc_thing(ike_enumerator_t); @@ -570,15 +484,9 @@ METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, e->public.destroy = (void*)ike_enumerator_destroy; e->inner = this->db->query(this->db, -<<<<<<< HEAD - "SELECT certreq, force_encap, local, remote " - "FROM ike_configs", - DB_INT, DB_INT, DB_TEXT, DB_TEXT); -======= "SELECT id, certreq, force_encap, local, remote " "FROM ike_configs", DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT); ->>>>>>> upstream/4.5.1 if (!e->inner) { free(e); @@ -628,17 +536,8 @@ static void peer_enumerator_destroy(peer_enumerator_t *this) free(this); } -<<<<<<< HEAD -/** - * Implementation of backend_t.create_peer_cfg_enumerator. - */ -static enumerator_t* create_peer_cfg_enumerator(private_sql_config_t *this, - identification_t *me, - identification_t *other) -======= METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, private_sql_config_t *this, identification_t *me, identification_t *other) ->>>>>>> upstream/4.5.1 { peer_enumerator_t *e = malloc_thing(peer_enumerator_t); 
@@ -675,15 +574,8 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, return &e->public; } -<<<<<<< HEAD -/** - * Implementation of sql_config_t.destroy. - */ -static void destroy(private_sql_config_t *this) -======= METHOD(sql_config_t, destroy, void, private_sql_config_t *this) ->>>>>>> upstream/4.5.1 { free(this); } @@ -693,16 +585,6 @@ METHOD(sql_config_t, destroy, void, */ sql_config_t *sql_config_create(database_t *db) { -<<<<<<< HEAD - private_sql_config_t *this = malloc_thing(private_sql_config_t); - - this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator; - this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; - this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; - this->public.destroy = (void(*)(sql_config_t*))destroy; - - this->db = db; -======= private_sql_config_t *this; INIT(this, @@ -716,7 +598,6 @@ sql_config_t *sql_config_create(database_t *db) }, .db = db ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/plugins/sql/sql_cred.c b/src/libcharon/plugins/sql/sql_cred.c index a72450f27..117eec921 100644 --- a/src/libcharon/plugins/sql/sql_cred.c +++ b/src/libcharon/plugins/sql/sql_cred.c @@ -1,8 +1,5 @@ /* -<<<<<<< HEAD -======= * Copyright (C) 2010 Tobias Brunner ->>>>>>> upstream/4.5.1 * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -41,10 +38,7 @@ struct private_sql_cred_t { database_t *db; }; -<<<<<<< HEAD -======= ->>>>>>> upstream/4.5.1 /** * enumerator over private keys */ 
@@ -57,16 +51,8 @@ typedef struct { private_key_t *current; } private_enumerator_t; -<<<<<<< HEAD -/** - * Implementation of private_enumerator_t.public.enumerate - */ -static bool private_enumerator_enumerate(private_enumerator_t *this, - private_key_t **key) -======= METHOD(enumerator_t, private_enumerator_enumerate, bool, private_enumerator_t *this, private_key_t **key) ->>>>>>> upstream/4.5.1 { chunk_t blob; int type; @@ -75,11 +61,7 @@ METHOD(enumerator_t, private_enumerator_enumerate, bool, while (this->inner->enumerate(this->inner, &type, &blob)) { this->current = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, -<<<<<<< HEAD - BUILD_BLOB_ASN1_DER, blob, -======= BUILD_BLOB_PEM, blob, ->>>>>>> upstream/4.5.1 BUILD_END); if (this->current) { @@ -91,36 +73,14 @@ METHOD(enumerator_t, private_enumerator_enumerate, bool, return FALSE; } -<<<<<<< HEAD -/** - * Implementation of private_enumerator_t.public.destroy - */ -static void private_enumerator_destroy(private_enumerator_t *this) -======= METHOD(enumerator_t, private_enumerator_destroy, void, private_enumerator_t *this) ->>>>>>> upstream/4.5.1 { DESTROY_IF(this->current); this->inner->destroy(this->inner); free(this); } -<<<<<<< HEAD -/** - * Implementation of credential_set_t.create_private_enumerator. - */ -static enumerator_t* create_private_enumerator(private_sql_cred_t *this, - key_type_t type, - identification_t *id) -{ - private_enumerator_t *e; - - e = malloc_thing(private_enumerator_t); - e->current = NULL; - e->public.enumerate = (void*)private_enumerator_enumerate; - e->public.destroy = (void*)private_enumerator_destroy; -======= METHOD(credential_set_t, create_private_enumerator, enumerator_t*, private_sql_cred_t *this, key_type_t type, identification_t *id) { @@ -132,7 +92,6 @@ METHOD(credential_set_t, create_private_enumerator, enumerator_t*, .destroy = _private_enumerator_destroy, }, ); ->>>>>>> upstream/4.5.1 if (id && id->get_type(id) != ID_ANY) { e->inner = this->db->query(this->db, 
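Review bot: In `private_enumerator_enumerate` (sql_cred.c) a row whose blob does not parse under the new `BUILD_BLOB_PEM` leaves `this->current` NULL, and as far as the hunk shows nothing is logged before the next row is tried. A database that still holds keys in the encoding the old `BUILD_BLOB_ASN1_DER` expected may therefore lose credentials silently, unless the PEM builder also accepts raw DER, which is not visible here. I would add an else branch such as `DBG1(DBG_CFG, "loading private key from database failed");` with no key material in the message, and the same in `cert_enumerator_enumerate`. The rest of the loop body lies outside the hunk.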
@@ -159,10 +118,7 @@ METHOD(credential_set_t, create_private_enumerator, enumerator_t*, return &e->public; } -<<<<<<< HEAD -======= ->>>>>>> upstream/4.5.1 /** * enumerator over certificates */ @@ -175,16 +131,8 @@ typedef struct { certificate_t *current; } cert_enumerator_t; -<<<<<<< HEAD -/** - * Implementation of cert_enumerator_t.public.enumerate - */ -static bool cert_enumerator_enumerate(cert_enumerator_t *this, - certificate_t **cert) -======= METHOD(enumerator_t, cert_enumerator_enumerate, bool, cert_enumerator_t *this, certificate_t **cert) ->>>>>>> upstream/4.5.1 { chunk_t blob; int type; @@ -193,11 +141,7 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool, while (this->inner->enumerate(this->inner, &type, &blob)) { this->current = lib->creds->create(lib->creds, CRED_CERTIFICATE, type, -<<<<<<< HEAD - BUILD_BLOB_ASN1_DER, blob, -======= BUILD_BLOB_PEM, blob, ->>>>>>> upstream/4.5.1 BUILD_END); if (this->current) { @@ -209,36 +153,14 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool, return FALSE; } -<<<<<<< HEAD -/** - * Implementation of cert_enumerator_t.public.destroy - */ -static void cert_enumerator_destroy(cert_enumerator_t *this) -======= METHOD(enumerator_t, cert_enumerator_destroy, void, cert_enumerator_t *this) ->>>>>>> upstream/4.5.1 { DESTROY_IF(this->current); this->inner->destroy(this->inner); free(this); } -<<<<<<< HEAD -/** - * Implementation of credential_set_t.create_cert_enumerator. - */ -static enumerator_t* create_cert_enumerator(private_sql_cred_t *this, - certificate_type_t cert, key_type_t key, - identification_t *id, bool trusted) -{ - cert_enumerator_t *e; - - e = malloc_thing(cert_enumerator_t); - e->current = NULL; - e->public.enumerate = (void*)cert_enumerator_enumerate; - e->public.destroy = (void*)cert_enumerator_destroy; -======= METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, private_sql_cred_t *this, certificate_type_t cert, key_type_t key, identification_t *id, bool trusted) 
@@ -251,7 +173,6 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, .destroy = _cert_enumerator_destroy, }, ); ->>>>>>> upstream/4.5.1 if (id && id->get_type(id) != ID_ANY) { e->inner = this->db->query(this->db, @@ -282,10 +203,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, return &e->public; } -<<<<<<< HEAD -======= ->>>>>>> upstream/4.5.1 /** * enumerator over shared keys */ @@ -302,18 +220,9 @@ typedef struct { shared_key_t *current; } shared_enumerator_t; -<<<<<<< HEAD -/** - * Implementation of shared_enumerator_t.public.enumerate - */ -static bool shared_enumerator_enumerate(shared_enumerator_t *this, - shared_key_t **shared, - id_match_t *me, id_match_t *other) -======= METHOD(enumerator_t, shared_enumerator_enumerate, bool, shared_enumerator_t *this, shared_key_t **shared, id_match_t *me, id_match_t *other) ->>>>>>> upstream/4.5.1 { chunk_t blob; int type; @@ -340,38 +249,14 @@ METHOD(enumerator_t, shared_enumerator_enumerate, bool, return FALSE; } -<<<<<<< HEAD -/** - * Implementation of shared_enumerator_t.public.destroy - */ -static void shared_enumerator_destroy(shared_enumerator_t *this) -======= METHOD(enumerator_t, shared_enumerator_destroy, void, shared_enumerator_t *this) ->>>>>>> upstream/4.5.1 { DESTROY_IF(this->current); this->inner->destroy(this->inner); free(this); } -<<<<<<< HEAD -/** - * Implementation of credential_set_t.create_shared_enumerator. - */ -static enumerator_t* create_shared_enumerator(private_sql_cred_t *this, - shared_key_type_t type, - identification_t *me, identification_t *other) -{ - shared_enumerator_t *e; - - e = malloc_thing(shared_enumerator_t); - e->me = me; - e->other = other; - e->current = NULL; - e->public.enumerate = (void*)shared_enumerator_enumerate; - e->public.destroy = (void*)shared_enumerator_destroy; -======= METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, private_sql_cred_t *this, shared_key_type_t type, identification_t *me, identification_t *other) 
@@ -386,7 +271,6 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, .me = me, .other = other, ); ->>>>>>> upstream/4.5.1 if (!me && !other) { e->inner = this->db->query(this->db, @@ -430,12 +314,6 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, return &e->public; } -<<<<<<< HEAD -/** - * Implementation of credential_set_t.cache_cert. - */ -static void cache_cert(private_sql_cred_t *this, certificate_t *cert) -======= /** * enumerator over CDPs @@ -541,44 +419,21 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*, METHOD(credential_set_t, cache_cert, void, private_sql_cred_t *this, certificate_t *cert) ->>>>>>> upstream/4.5.1 { /* TODO: implement CRL caching to database */ } -<<<<<<< HEAD -/** - * Implementation of sql_cred_t.destroy. - */ -static void destroy(private_sql_cred_t *this) -{ - free(this); -} -======= METHOD(sql_cred_t, destroy, void, private_sql_cred_t *this) { free(this); } ->>>>>>> upstream/4.5.1 /** * Described in header. */ sql_cred_t *sql_cred_create(database_t *db) { -<<<<<<< HEAD - private_sql_cred_t *this = malloc_thing(private_sql_cred_t); - - this->public.set.create_private_enumerator = (void*)create_private_enumerator; - this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; - this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; - this->public.set.create_cdp_enumerator = (void*)return_null; - this->public.set.cache_cert = (void*)cache_cert; - this->public.destroy = (void(*)(sql_cred_t*))destroy; - - this->db = db; -======= private_sql_cred_t *this; INIT(this, @@ -594,7 +449,6 @@ sql_cred_t *sql_cred_create(database_t *db) }, .db = db, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/plugins/sql/sql_plugin.c b/src/libcharon/plugins/sql/sql_plugin.c index 49b48c7f4..d915d4696 100644 --- a/src/libcharon/plugins/sql/sql_plugin.c +++ b/src/libcharon/plugins/sql/sql_plugin.c 
@@ -53,15 +53,14 @@ struct private_sql_plugin_t { sql_logger_t *logger; }; -<<<<<<< HEAD -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_sql_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_sql_plugin_t *this) +{ + return "sql"; +} + METHOD(plugin_t, destroy, void, private_sql_plugin_t *this) ->>>>>>> upstream/4.5.1 { charon->backends->remove_backend(charon->backends, &this->config->backend); lib->credmgr->remove_set(lib->credmgr, &this->cred->set); @@ -88,23 +87,17 @@ plugin_t *sql_plugin_create() return NULL; } -<<<<<<< HEAD - this = malloc_thing(private_sql_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - this->db = lib->db->create(lib->db, uri); -======= INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, .db = lib->db->create(lib->db, uri), ); ->>>>>>> upstream/4.5.1 if (!this->db) { DBG1(DBG_CFG, "sql plugin failed to connect to database"); diff --git a/src/libcharon/plugins/stroke/Makefile.am b/src/libcharon/plugins/stroke/Makefile.am index 29f680174..e561224e9 100644 --- a/src/libcharon/plugins/stroke/Makefile.am +++ b/src/libcharon/plugins/stroke/Makefile.am @@ -21,11 +21,6 @@ libstrongswan_stroke_la_SOURCES = \ stroke_cred.h stroke_cred.c \ stroke_ca.h stroke_ca.c \ stroke_attribute.h stroke_attribute.c \ -<<<<<<< HEAD - stroke_list.h stroke_list.c \ - stroke_shared_key.h stroke_shared_key.c -======= stroke_list.h stroke_list.c ->>>>>>> upstream/4.5.1 libstrongswan_stroke_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in index 3649c8ee9..fd859daeb 100644 --- a/src/libcharon/plugins/stroke/Makefile.in +++ b/src/libcharon/plugins/stroke/Makefile.in 
@@ -77,11 +77,7 @@ LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_stroke_la_LIBADD = am_libstrongswan_stroke_la_OBJECTS = stroke_plugin.lo stroke_socket.lo \ stroke_config.lo stroke_control.lo stroke_cred.lo stroke_ca.lo \ -<<<<<<< HEAD - stroke_attribute.lo stroke_list.lo stroke_shared_key.lo -======= stroke_attribute.lo stroke_list.lo ->>>>>>> upstream/4.5.1 libstrongswan_stroke_la_OBJECTS = \ $(am_libstrongswan_stroke_la_OBJECTS) libstrongswan_stroke_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -227,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -254,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -272,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -305,12 +295,7 @@ libstrongswan_stroke_la_SOURCES = \ stroke_cred.h stroke_cred.c \ stroke_ca.h stroke_ca.c \ stroke_attribute.h stroke_attribute.c \ -<<<<<<< HEAD - stroke_list.h stroke_list.c \ - stroke_shared_key.h stroke_shared_key.c -======= stroke_list.h stroke_list.c ->>>>>>> upstream/4.5.1 libstrongswan_stroke_la_LDFLAGS = -module -avoid-version all: all-am 
@@ -403,10 +388,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_cred.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_list.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_plugin.Plo@am__quote@ -<<<<<<< HEAD -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_shared_key.Plo@am__quote@ -======= ->>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stroke_socket.Plo@am__quote@ .c.o: diff --git a/src/libcharon/plugins/stroke/stroke_ca.c b/src/libcharon/plugins/stroke/stroke_ca.c index 57126053b..69e13deb9 100644 --- a/src/libcharon/plugins/stroke/stroke_ca.c +++ b/src/libcharon/plugins/stroke/stroke_ca.c @@ -113,10 +113,7 @@ static void ca_section_destroy(ca_section_t *this) this->crl->destroy_function(this->crl, free); this->ocsp->destroy_function(this->ocsp, free); this->hashes->destroy_offset(this->hashes, offsetof(identification_t, destroy)); -<<<<<<< HEAD -======= this->cert->destroy(this->cert); ->>>>>>> upstream/4.5.1 free(this->certuribase); free(this->name); free(this); @@ -211,16 +208,8 @@ static enumerator_t *create_inner_cdp_hashandurl(ca_section_t *section, cdp_data return enumerator; } -<<<<<<< HEAD -/** - * Implementation of credential_set_t.create_cdp_enumerator. - */ -static enumerator_t *create_cdp_enumerator(private_stroke_ca_t *this, - certificate_type_t type, identification_t *id) -======= METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*, private_stroke_ca_t *this, certificate_type_t type, identification_t *id) ->>>>>>> upstream/4.5.1 { cdp_data_t *data; 
@@ -244,16 +233,9 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*, (type == CERT_X509) ? (void*)create_inner_cdp_hashandurl : (void*)create_inner_cdp, data, (void*)cdp_data_destroy); } -<<<<<<< HEAD -/** - * Implementation of stroke_ca_t.add. - */ -static void add(private_stroke_ca_t *this, stroke_msg_t *msg) -======= METHOD(stroke_ca_t, add, void, private_stroke_ca_t *this, stroke_msg_t *msg) ->>>>>>> upstream/4.5.1 { certificate_t *cert; ca_section_t *ca; @@ -294,15 +276,8 @@ METHOD(stroke_ca_t, add, void, } } -<<<<<<< HEAD -/** - * Implementation of stroke_ca_t.del. - */ -static void del(private_stroke_ca_t *this, stroke_msg_t *msg) -======= METHOD(stroke_ca_t, del, void, private_stroke_ca_t *this, stroke_msg_t *msg) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; ca_section_t *ca = NULL; @@ -356,15 +331,8 @@ static void list_uris(linked_list_t *list, char *label, FILE *out) enumerator->destroy(enumerator); } -<<<<<<< HEAD -/** - * Implementation of stroke_ca_t.check_for_hash_and_url. - */ -static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cert) -======= METHOD(stroke_ca_t, check_for_hash_and_url, void, private_stroke_ca_t *this, certificate_t* cert) ->>>>>>> upstream/4.5.1 { ca_section_t *section; enumerator_t *enumerator; @@ -401,15 +369,8 @@ METHOD(stroke_ca_t, check_for_hash_and_url, void, hasher->destroy(hasher); } -<<<<<<< HEAD -/** - * Implementation of stroke_ca_t.list. - */ -static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out) -======= METHOD(stroke_ca_t, list, void, private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out) ->>>>>>> upstream/4.5.1 { bool first = TRUE; ca_section_t *section; 
@@ -456,15 +417,8 @@ METHOD(stroke_ca_t, list, void, this->lock->unlock(this->lock); } -<<<<<<< HEAD -/** - * Implementation of stroke_ca_t.destroy - */ -static void destroy(private_stroke_ca_t *this) -======= METHOD(stroke_ca_t, destroy, void, private_stroke_ca_t *this) ->>>>>>> upstream/4.5.1 { this->sections->destroy_function(this->sections, (void*)ca_section_destroy); this->lock->destroy(this->lock); @@ -476,24 +430,6 @@ METHOD(stroke_ca_t, destroy, void, */ stroke_ca_t *stroke_ca_create(stroke_cred_t *cred) { -<<<<<<< HEAD - private_stroke_ca_t *this = malloc_thing(private_stroke_ca_t); - - this->public.set.create_private_enumerator = (void*)return_null; - this->public.set.create_cert_enumerator = (void*)return_null; - this->public.set.create_shared_enumerator = (void*)return_null; - this->public.set.create_cdp_enumerator = (void*)create_cdp_enumerator; - this->public.set.cache_cert = (void*)nop; - this->public.add = (void(*)(stroke_ca_t*, stroke_msg_t *msg))add; - this->public.del = (void(*)(stroke_ca_t*, stroke_msg_t *msg))del; - this->public.list = (void(*)(stroke_ca_t*, stroke_msg_t *msg, FILE *out))list; - this->public.check_for_hash_and_url = (void(*)(stroke_ca_t*, certificate_t*))check_for_hash_and_url; - this->public.destroy = (void(*)(stroke_ca_t*))destroy; - - this->sections = linked_list_create(); - this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); - this->cred = cred; -======= private_stroke_ca_t *this; INIT(this, @@ -515,7 +451,6 @@ stroke_ca_t *stroke_ca_create(stroke_cred_t *cred) .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), .cred = cred, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index 11822a3bc..2b3164384 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c 
@@ -53,17 +53,8 @@ struct private_stroke_config_t { stroke_cred_t *cred; }; -<<<<<<< HEAD -/** - * Implementation of backend_t.create_peer_cfg_enumerator. - */ -static enumerator_t* create_peer_cfg_enumerator(private_stroke_config_t *this, - identification_t *me, - identification_t *other) -======= METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, private_stroke_config_t *this, identification_t *me, identification_t *other) ->>>>>>> upstream/4.5.1 { this->mutex->lock(this->mutex); return enumerator_create_cleaner(this->list->create_enumerator(this->list), @@ -79,16 +70,8 @@ static bool ike_filter(void *data, peer_cfg_t **in, ike_cfg_t **out) return TRUE; } -<<<<<<< HEAD -/** - * Implementation of backend_t.create_ike_cfg_enumerator. - */ -static enumerator_t* create_ike_cfg_enumerator(private_stroke_config_t *this, - host_t *me, host_t *other) -======= METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, private_stroke_config_t *this, host_t *me, host_t *other) ->>>>>>> upstream/4.5.1 { this->mutex->lock(this->mutex); return enumerator_create_filter(this->list->create_enumerator(this->list), @@ -96,15 +79,8 @@ METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, (void*)this->mutex->unlock); } -<<<<<<< HEAD -/** - * implements backend_t.get_peer_cfg_by_name. - */ -static peer_cfg_t *get_peer_cfg_by_name(private_stroke_config_t *this, char *name) -======= METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, private_stroke_config_t *this, char *name) ->>>>>>> upstream/4.5.1 { enumerator_t *e1, *e2; peer_cfg_t *current, *found = NULL; @@ -433,7 +409,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, } else { - DBG1(DBG_CFG, "CA certificate %s not found, discarding CA " + DBG1(DBG_CFG, "CA certificate \"%s\" not found, discarding CA " "constraint", ca); } } 
@@ -453,15 +429,6 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, enumerator->destroy(enumerator); } -<<<<<<< HEAD - /* authentication metod (class, actually) */ - if (streq(auth, "pubkey") || - streq(auth, "rsasig") || streq(auth, "rsa") || - streq(auth, "ecdsasig") || streq(auth, "ecdsa")) - { - cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); - build_crl_policy(cfg, local, msg->add_conn.crl_policy); -======= /* certificatePolicies */ if (end->cert_policy) { @@ -494,7 +461,6 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, { cfg->add(cfg, AUTH_RULE_ECDSA_STRENGTH, (uintptr_t)strength); } ->>>>>>> upstream/4.5.1 } else if (streq(auth, "psk") || streq(auth, "secret")) { @@ -858,15 +824,9 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, child_cfg = child_cfg_create( msg->add_conn.name, &lifetime, msg->add_conn.me.updown, msg->add_conn.me.hostaccess, -<<<<<<< HEAD - msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp, - msg->add_conn.inactivity, msg->add_conn.reqid, - &mark_in, &mark_out); -======= msg->add_conn.mode, ACTION_NONE, dpd, dpd, msg->add_conn.ipcomp, msg->add_conn.inactivity, msg->add_conn.reqid, &mark_in, &mark_out, msg->add_conn.tfc); ->>>>>>> upstream/4.5.1 child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode, msg->add_conn.install_policy); add_ts(this, &msg->add_conn.me, child_cfg, TRUE); @@ -877,15 +837,8 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, return child_cfg; } -<<<<<<< HEAD -/** - * Implementation of stroke_config_t.add. - */ -static void add(private_stroke_config_t *this, stroke_msg_t *msg) -======= METHOD(stroke_config_t, add, void, private_stroke_config_t *this, stroke_msg_t *msg) ->>>>>>> upstream/4.5.1 { ike_cfg_t *ike_cfg, *existing_ike; peer_cfg_t *peer_cfg, *existing; 
@@ -945,15 +898,8 @@ METHOD(stroke_config_t, add, void, } } -<<<<<<< HEAD -/** - * Implementation of stroke_config_t.del. - */ -static void del(private_stroke_config_t *this, stroke_msg_t *msg) -======= METHOD(stroke_config_t, del, void, private_stroke_config_t *this, stroke_msg_t *msg) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator, *children; peer_cfg_t *peer; @@ -1004,15 +950,8 @@ METHOD(stroke_config_t, del, void, } } -<<<<<<< HEAD -/** - * Implementation of stroke_config_t.destroy - */ -static void destroy(private_stroke_config_t *this) -======= METHOD(stroke_config_t, destroy, void, private_stroke_config_t *this) ->>>>>>> upstream/4.5.1 { this->list->destroy_offset(this->list, offsetof(peer_cfg_t, destroy)); this->mutex->destroy(this->mutex); @@ -1024,21 +963,6 @@ METHOD(stroke_config_t, destroy, void, */ stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred) { -<<<<<<< HEAD - private_stroke_config_t *this = malloc_thing(private_stroke_config_t); - - this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator; - this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; - this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; - this->public.add = (void(*)(stroke_config_t*, stroke_msg_t *msg))add; - this->public.del = (void(*)(stroke_config_t*, stroke_msg_t *msg))del; - this->public.destroy = (void(*)(stroke_config_t*))destroy; - - this->list = linked_list_create(); - this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); - this->ca = ca; - this->cred = cred; -======= private_stroke_config_t *this; INIT(this, @@ -1057,7 +981,6 @@ stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred) .ca = ca, .cred = cred, ); ->>>>>>> upstream/4.5.1 return &this->public; } 
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c index 03ba4c305..4943ee670 100644 --- a/src/libcharon/plugins/stroke/stroke_control.c +++ b/src/libcharon/plugins/stroke/stroke_control.c @@ -17,11 +17,8 @@ #include <daemon.h> #include <processing/jobs/delete_ike_sa_job.h> -<<<<<<< HEAD -======= #include <processing/jobs/rekey_ike_sa_job.h> #include <processing/jobs/rekey_child_sa_job.h> ->>>>>>> upstream/4.5.1 typedef struct private_stroke_control_t private_stroke_control_t; 
@@ -95,75 +92,97 @@ static child_cfg_t* get_child_from_peer(peer_cfg_t *peer_cfg, char *name) return found; } -<<<<<<< HEAD /** - * Implementation of stroke_control_t.initiate. + * call the charon controller to initiate the connection */ -static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) -======= +static void charon_initiate(peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, + stroke_msg_t *msg, FILE *out) +{ + if (msg->output_verbosity < 0) + { + charon->controller->initiate(charon->controller, peer_cfg, child_cfg, + NULL, NULL); + } + else + { + stroke_log_info_t info = { msg->output_verbosity, out }; + + charon->controller->initiate(charon->controller, peer_cfg, child_cfg, + (controller_cb_t)stroke_log, &info); + } +} + METHOD(stroke_control_t, initiate, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) ->>>>>>> upstream/4.5.1 { + child_cfg_t *child_cfg = NULL; peer_cfg_t *peer_cfg; - child_cfg_t *child_cfg; - stroke_log_info_t info; + enumerator_t *enumerator; + bool empty = TRUE; peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, msg->initiate.name); - if (peer_cfg == NULL) + if (peer_cfg) { - DBG1(DBG_CFG, "no config named '%s'\n", msg->initiate.name); - return; - } - if (peer_cfg->get_ike_version(peer_cfg) != 2) - { - DBG1(DBG_CFG, "ignoring initiation request for IKEv%d config", - peer_cfg->get_ike_version(peer_cfg)); - peer_cfg->destroy(peer_cfg); - return; - } + if (peer_cfg->get_ike_version(peer_cfg) != 2) + { + DBG1(DBG_CFG, "ignoring initiation request for IKEv%d config", + peer_cfg->get_ike_version(peer_cfg)); + peer_cfg->destroy(peer_cfg); + return; + } - child_cfg = get_child_from_peer(peer_cfg, msg->initiate.name); - if (child_cfg == NULL) - { - DBG1(DBG_CFG, "no child config named '%s'\n", msg->initiate.name); - peer_cfg->destroy(peer_cfg); - return; - } + child_cfg = get_child_from_peer(peer_cfg, msg->initiate.name); + if (child_cfg == NULL) + { + enumerator = 
peer_cfg->create_child_cfg_enumerator(peer_cfg); + while (enumerator->enumerate(enumerator, &child_cfg)) + { + empty = FALSE; + charon_initiate(peer_cfg->get_ref(peer_cfg), + child_cfg->get_ref(child_cfg), msg, out); + } + enumerator->destroy(enumerator); - if (msg->output_verbosity < 0) - { - charon->controller->initiate(charon->controller, peer_cfg, child_cfg, - NULL, NULL); + if (empty) + { + DBG1(DBG_CFG, "no child config named '%s'", msg->initiate.name); + fprintf(out, "no child config named '%s'\n", msg->initiate.name); + } + peer_cfg->destroy(peer_cfg); + return; + } } else { - info.out = out; - info.level = msg->output_verbosity; - charon->controller->initiate(charon->controller, peer_cfg, child_cfg, - (controller_cb_t)stroke_log, &info); + enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends, + NULL, NULL, NULL, NULL); + while (enumerator->enumerate(enumerator, &peer_cfg)) + { + if (peer_cfg->get_ike_version(peer_cfg) != 2) + { + continue; + } + child_cfg = get_child_from_peer(peer_cfg, msg->initiate.name); + if (child_cfg) + { + peer_cfg->get_ref(peer_cfg); + break; + } + } + enumerator->destroy(enumerator); + + if (child_cfg == NULL) + { + DBG1(DBG_CFG, "no config named '%s'", msg->initiate.name); + fprintf(out, "no config named '%s'\n", msg->initiate.name); + return; + } } + charon_initiate(peer_cfg, child_cfg, msg, out); } /** -<<<<<<< HEAD - * Implementation of stroke_control_t.terminate. - */ -static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) -{ - char *string, *pos = NULL, *name = NULL; - u_int32_t id = 0; - bool child, all = FALSE; - int len; - ike_sa_t *ike_sa; - enumerator_t *enumerator; - linked_list_t *ike_list, *child_list; - stroke_log_info_t info; - uintptr_t del; - - string = msg->terminate.name; -======= * Parse a terminate/rekey specifier */ static bool parse_specifier(char *string, u_int32_t *id, 
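Review bot: The new charon_initiate helper fills `stroke_log_info_t info = { msg->output_verbosity, out };` positionally, which depends on the member order of the struct; the code it replaces assigned `info.out` and `info.level` by name. Since the rest of this change moves to designated initializers through INIT, I would write `stroke_log_info_t info = { .level = msg->output_verbosity, .out = out };`. A one-line comment on the helper saying whether the controller takes over the peer_cfg and child_cfg references would also help; the enumeration loop in initiate passes `get_ref()` results, which suggests it does, but the contract is not visible in this hunk.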
@@ -175,37 +194,15 @@ static bool parse_specifier(char *string, u_int32_t *id, *id = 0; *name = NULL; *all = FALSE; ->>>>>>> upstream/4.5.1 len = strlen(string); if (len < 1) { -<<<<<<< HEAD - DBG1(DBG_CFG, "error parsing string"); - return; -======= return FALSE; ->>>>>>> upstream/4.5.1 } switch (string[len-1]) { case '}': -<<<<<<< HEAD - child = TRUE; - pos = strchr(string, '{'); - break; - case ']': - child = FALSE; - pos = strchr(string, '['); - break; - default: - name = string; - child = FALSE; - break; - } - - if (name) -======= *child = TRUE; pos = strchr(string, '{'); break; @@ -220,44 +217,18 @@ static bool parse_specifier(char *string, u_int32_t *id, } if (*name) ->>>>>>> upstream/4.5.1 { /* is a single name */ } else if (pos == string + len - 2) { /* is name[] or name{} */ string[len-2] = '\0'; -<<<<<<< HEAD - name = string; -======= *name = string; ->>>>>>> upstream/4.5.1 } else { if (!pos) { -<<<<<<< HEAD - DBG1(DBG_CFG, "error parsing string"); - return; - } - if (*(pos + 1) == '*') - { /* is name[*] */ - all = TRUE; - *pos = '\0'; - name = string; - } - else - { /* is name[123] or name{23} */ - id = atoi(pos + 1); - if (id == 0) - { - DBG1(DBG_CFG, "error parsing string"); - return; - } - } - } -======= return FALSE; } if (*(pos + 1) == '*') @@ -295,7 +266,6 @@ METHOD(stroke_control_t, terminate, void, DBG1(DBG_CFG, "error parsing specifier string"); return; } ->>>>>>> upstream/4.5.1 info.out = out; info.level = msg->output_verbosity; @@ -382,13 +352,6 @@ METHOD(stroke_control_t, terminate, void, child_list->destroy(child_list); } -<<<<<<< HEAD -/** - * Implementation of stroke_control_t.terminate_srcip. - */ -static void terminate_srcip(private_stroke_control_t *this, - stroke_msg_t *msg, FILE *out) -======= METHOD(stroke_control_t, rekey, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) { 
@@ -451,7 +414,6 @@ METHOD(stroke_control_t, rekey, void, METHOD(stroke_control_t, terminate_srcip, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; ike_sa_t *ike_sa; @@ -516,15 +478,8 @@ METHOD(stroke_control_t, terminate_srcip, void, DESTROY_IF(end); } -<<<<<<< HEAD -/** - * Implementation of stroke_control_t.purge_ike - */ -static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) -======= METHOD(stroke_control_t, purge_ike, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; iterator_t *iterator; 
@@ -561,61 +516,96 @@ METHOD(stroke_control_t, purge_ike, void, list->destroy(list); } -<<<<<<< HEAD /** - * Implementation of stroke_control_t.route. + * call charon to install a trap */ -static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) -======= +static void charon_route(peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, + char *name, FILE *out) +{ + if (charon->traps->install(charon->traps, peer_cfg, child_cfg)) + { + fprintf(out, "'%s' routed\n", name); + } + else + { + fprintf(out, "routing '%s' failed\n", name); + } +} + METHOD(stroke_control_t, route, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) ->>>>>>> upstream/4.5.1 { + child_cfg_t *child_cfg = NULL; peer_cfg_t *peer_cfg; - child_cfg_t *child_cfg; + enumerator_t *enumerator; + bool empty = TRUE; peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, msg->route.name); - if (peer_cfg == NULL) - { - fprintf(out, "no config named '%s'\n", msg->route.name); - return; - } - if (peer_cfg->get_ike_version(peer_cfg) != 2) + if (peer_cfg) { - peer_cfg->destroy(peer_cfg); - return; - } + if (peer_cfg->get_ike_version(peer_cfg) != 2) + { + DBG1(DBG_CFG, "ignoring initiation request for IKEv%d config", + peer_cfg->get_ike_version(peer_cfg)); + peer_cfg->destroy(peer_cfg); + return; + } - child_cfg = get_child_from_peer(peer_cfg, msg->route.name); - if (child_cfg == NULL) - { - fprintf(out, "no child config named '%s'\n", msg->route.name); - peer_cfg->destroy(peer_cfg); - return; - } + child_cfg = get_child_from_peer(peer_cfg, msg->route.name); + if (child_cfg == NULL) + { + enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg); + while (enumerator->enumerate(enumerator, &child_cfg)) + { + empty = FALSE; + charon_route(peer_cfg, child_cfg, child_cfg->get_name(child_cfg), + out); + } + enumerator->destroy(enumerator); - if (charon->traps->install(charon->traps, peer_cfg, child_cfg)) - { - fprintf(out, "configuration '%s' routed\n", msg->route.name); + 
if (empty) + { + DBG1(DBG_CFG, "no child config named '%s'", msg->route.name); + fprintf(out, "no child config named '%s'\n", msg->route.name); + } + peer_cfg->destroy(peer_cfg); + return; + } } else { - fprintf(out, "routing configuration '%s' failed\n", msg->route.name); + enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends, + NULL, NULL, NULL, NULL); + while (enumerator->enumerate(enumerator, &peer_cfg)) + { + if (peer_cfg->get_ike_version(peer_cfg) != 2) + { + continue; + } + child_cfg = get_child_from_peer(peer_cfg, msg->route.name); + if (child_cfg) + { + peer_cfg->get_ref(peer_cfg); + break; + } + } + enumerator->destroy(enumerator); + + if (child_cfg == NULL) + { + DBG1(DBG_CFG, "no config named '%s'", msg->route.name); + fprintf(out, "no config named '%s'\n", msg->route.name); + return; + } } + charon_route(peer_cfg, child_cfg, msg->route.name, out); peer_cfg->destroy(peer_cfg); child_cfg->destroy(child_cfg); } -<<<<<<< HEAD -/** - * Implementation of stroke_control_t.unroute. - */ -static void unroute(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) -======= METHOD(stroke_control_t, unroute, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) ->>>>>>> upstream/4.5.1 { child_sa_t *child_sa; enumerator_t *enumerator; @@ -637,15 +627,8 @@ METHOD(stroke_control_t, unroute, void, fprintf(out, "configuration '%s' not found\n", msg->unroute.name); } -<<<<<<< HEAD -/** - * Implementation of stroke_control_t.destroy - */ -static void destroy(private_stroke_control_t *this) -======= METHOD(stroke_control_t, destroy, void, private_stroke_control_t *this) ->>>>>>> upstream/4.5.1 { free(this); } 
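Review bot: The IKE-version check in route logs `"ignoring initiation request for IKEv%d config"`, copied from initiate, so the daemon log reports an initiation for what was a route request. That branch also returns without writing to `out`, unlike the not-found branches of the same function, so the stroke caller gets no feedback; the corresponding branch in initiate behaves the same way. Suggested: `DBG1(DBG_CFG, "ignoring route request for IKEv%d config", peer_cfg->get_ike_version(peer_cfg));` followed by a matching `fprintf(out, ...)` line.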
@@ -655,17 +638,6 @@ METHOD(stroke_control_t, destroy, void, */ stroke_control_t *stroke_control_create() { -<<<<<<< HEAD - private_stroke_control_t *this = malloc_thing(private_stroke_control_t); - - this->public.initiate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))initiate; - this->public.terminate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate; - this->public.terminate_srcip = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate_srcip; - this->public.purge_ike = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))purge_ike; - this->public.route = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))route; - this->public.unroute = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))unroute; - this->public.destroy = (void(*)(stroke_control_t*))destroy; -======= private_stroke_control_t *this; INIT(this, @@ -680,7 +652,6 @@ stroke_control_t *stroke_control_create() .destroy = _destroy, }, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/plugins/stroke/stroke_control.h b/src/libcharon/plugins/stroke/stroke_control.h index e4d67023a..869aab3d3 100644 --- a/src/libcharon/plugins/stroke/stroke_control.h +++ b/src/libcharon/plugins/stroke/stroke_control.h @@ -54,8 +54,6 @@ struct stroke_control_t { void (*terminate_srcip)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); /** -<<<<<<< HEAD -======= * Rekey a connection. * * @param msg stroke message @@ -63,7 +61,6 @@ struct stroke_control_t { void (*rekey)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); /** ->>>>>>> upstream/4.5.1 * Delete IKE_SAs without a CHILD_SA. * * @param msg stroke message diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c index 6d9440778..baf02a6da 100644 --- a/src/libcharon/plugins/stroke/stroke_cred.c +++ b/src/libcharon/plugins/stroke/stroke_cred.c 
@@ -1,9 +1,5 @@ /* -<<<<<<< HEAD - * Copyright (C) 2008 Tobias Brunner -======= * Copyright (C) 2008-2010 Tobias Brunner ->>>>>>> upstream/4.5.1 * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -29,10 +25,6 @@ #include <unistd.h> #include "stroke_cred.h" -<<<<<<< HEAD -#include "stroke_shared_key.h" -======= ->>>>>>> upstream/4.5.1 #include <credentials/certificates/x509.h> #include <credentials/certificates/crl.h> @@ -71,30 +63,9 @@ struct private_stroke_cred_t { stroke_cred_t public; /** -<<<<<<< HEAD - * list of trusted peer/signer/CA certificates (certificate_t) - */ - linked_list_t *certs; - - /** - * list of shared secrets (private_shared_key_t) - */ - linked_list_t *shared; - - /** - * list of private keys (private_key_t) - */ - linked_list_t *private; - - /** - * read-write lock to lists - */ - rwlock_t *lock; -======= * credentials */ mem_cred_t *creds; ->>>>>>> upstream/4.5.1 /** * cache CRLs to disk? 
@@ -103,240 +74,6 @@ struct private_stroke_cred_t { }; /** -<<<<<<< HEAD - * data to pass to various filters - */ -typedef struct { - private_stroke_cred_t *this; - identification_t *id; - certificate_type_t cert; - key_type_t key; -} id_data_t; - -/** - * destroy id enumerator data and unlock list - */ -static void id_data_destroy(id_data_t *data) -{ - data->this->lock->unlock(data->this->lock); - free(data); -} - -/** - * filter function for private key enumerator - */ -static bool private_filter(id_data_t *data, - private_key_t **in, private_key_t **out) -{ - private_key_t *key; - - key = *in; - if (data->key == KEY_ANY || data->key == key->get_type(key)) - { - if (data->id == NULL) - { - *out = key; - return TRUE; - } - if (key->has_fingerprint(key, data->id->get_encoding(data->id))) - { - *out = key; - return TRUE; - } - } - return FALSE; -} - -/** - * Implements credential_set_t.create_private_enumerator - */ -static enumerator_t* create_private_enumerator(private_stroke_cred_t *this, - key_type_t type, identification_t *id) -{ - id_data_t *data; - - data = malloc_thing(id_data_t); - data->this = this; - data->id = id; - data->key = type; - - this->lock->read_lock(this->lock); - return enumerator_create_filter(this->private->create_enumerator(this->private), - (void*)private_filter, data, - (void*)id_data_destroy); -} - -/** - * filter function for certs enumerator - */ -static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **out) -{ - public_key_t *public; - certificate_t *cert = *in; - - if (data->cert != CERT_ANY && data->cert != cert->get_type(cert)) - { - return FALSE; - } - if (data->id == NULL || cert->has_subject(cert, data->id)) - { - *out = *in; - return TRUE; - } - - public = cert->get_public_key(cert); - if (public) - { - if (data->key == KEY_ANY || data->key != public->get_type(public)) - { - if (public->has_fingerprint(public, data->id->get_encoding(data->id))) - { - public->destroy(public); - *out = *in; - return TRUE; - } 
- } - public->destroy(public); - } - return FALSE; -} - -/** - * Implements credential_set_t.create_cert_enumerator - */ -static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this, - certificate_type_t cert, key_type_t key, - identification_t *id, bool trusted) -{ - id_data_t *data; - - if (trusted && (cert == CERT_X509_CRL || cert == CERT_X509_AC)) - { - return NULL; - } - data = malloc_thing(id_data_t); - data->this = this; - data->id = id; - data->cert = cert; - data->key = key; - - this->lock->read_lock(this->lock); - return enumerator_create_filter(this->certs->create_enumerator(this->certs), - (void*)certs_filter, data, - (void*)id_data_destroy); -} - -typedef struct { - private_stroke_cred_t *this; - identification_t *me; - identification_t *other; - shared_key_type_t type; -} shared_data_t; - -/** - * free shared key enumerator data and unlock list - */ -static void shared_data_destroy(shared_data_t *data) -{ - data->this->lock->unlock(data->this->lock); - free(data); -} - -/** - * filter function for certs enumerator - */ -static bool shared_filter(shared_data_t *data, - stroke_shared_key_t **in, shared_key_t **out, - void **unused1, id_match_t *me, - void **unused2, id_match_t *other) -{ - id_match_t my_match = ID_MATCH_NONE, other_match = ID_MATCH_NONE; - stroke_shared_key_t *stroke = *in; - shared_key_t *shared = &stroke->shared; - - if (data->type != SHARED_ANY && shared->get_type(shared) != data->type) - { - return FALSE; - } - - if (data->me) - { - my_match = stroke->has_owner(stroke, data->me); - } - if (data->other) - { - other_match = stroke->has_owner(stroke, data->other); - } - if ((data->me || data->other) && (!my_match && !other_match)) - { - return FALSE; - } - *out = shared; - if (me) - { - *me = my_match; - } - if (other) - { - *other = other_match; - } - return TRUE; -} - -/** - * Implements credential_set_t.create_shared_enumerator - */ -static enumerator_t* create_shared_enumerator(private_stroke_cred_t *this, - 
shared_key_type_t type, identification_t *me, - identification_t *other) -{ - shared_data_t *data = malloc_thing(shared_data_t); - - data->this = this; - data->me = me; - data->other = other; - data->type = type; - this->lock->read_lock(this->lock); - return enumerator_create_filter(this->shared->create_enumerator(this->shared), - (void*)shared_filter, data, - (void*)shared_data_destroy); -} - -/** - * Add a certificate to chain - */ -static certificate_t* add_cert(private_stroke_cred_t *this, certificate_t *cert) -{ - certificate_t *current; - enumerator_t *enumerator; - bool new = TRUE; - - this->lock->read_lock(this->lock); - enumerator = this->certs->create_enumerator(this->certs); - while (enumerator->enumerate(enumerator, (void**)¤t)) - { - if (current->equals(current, cert)) - { - /* cert already in queue */ - cert->destroy(cert); - cert = current; - new = FALSE; - break; - } - } - enumerator->destroy(enumerator); - - if (new) - { - this->certs->insert_last(this->certs, cert); - } - this->lock->unlock(this->lock); - return cert; -} - -/** -======= ->>>>>>> upstream/4.5.1 * Implementation of stroke_cred_t.load_ca. */ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename) 
@@ -368,92 +105,12 @@ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename) cert->destroy(cert); return NULL; } -<<<<<<< HEAD - return (certificate_t*)add_cert(this, cert); -======= return this->creds->add_cert_ref(this->creds, TRUE, cert); ->>>>>>> upstream/4.5.1 } return NULL; } /** -<<<<<<< HEAD - * Add X.509 CRL to chain - */ -static bool add_crl(private_stroke_cred_t *this, crl_t* crl) -{ - certificate_t *current, *cert = &crl->certificate; - enumerator_t *enumerator; - bool new = TRUE, found = FALSE; - - this->lock->write_lock(this->lock); - enumerator = this->certs->create_enumerator(this->certs); - while (enumerator->enumerate(enumerator, (void**)¤t)) - { - if (current->get_type(current) == CERT_X509_CRL) - { - crl_t *crl_c = (crl_t*)current; - chunk_t authkey = crl->get_authKeyIdentifier(crl); - chunk_t authkey_c = crl_c->get_authKeyIdentifier(crl_c); - - /* if compare authorityKeyIdentifiers if available */ - if (authkey.ptr && authkey_c.ptr && chunk_equals(authkey, authkey_c)) - { - found = TRUE; - } - else - { - identification_t *issuer = cert->get_issuer(cert); - identification_t *issuer_c = current->get_issuer(current); - - /* otherwise compare issuer distinguished names */ - if (issuer->equals(issuer, issuer_c)) - { - found = TRUE; - } - } - if (found) - { - new = crl_is_newer(crl, crl_c); - if (new) - { - this->certs->remove_at(this->certs, enumerator); - } - else - { - cert->destroy(cert); - } - break; - } - } - } - enumerator->destroy(enumerator); - - if (new) - { - this->certs->insert_last(this->certs, cert); - } - this->lock->unlock(this->lock); - return new; -} - -/** - * Add X.509 attribute certificate to chain - */ -static bool add_ac(private_stroke_cred_t *this, ac_t* ac) -{ - certificate_t *cert = &ac->certificate; - - this->lock->write_lock(this->lock); - this->certs->insert_last(this->certs, cert); - this->lock->unlock(this->lock); - return TRUE; -} - -/** -======= ->>>>>>> upstream/4.5.1 * Implementation of 
stroke_cred_t.load_peer. */ static certificate_t* load_peer(private_stroke_cred_t *this, char *filename) @@ -476,17 +133,10 @@ static certificate_t* load_peer(private_stroke_cred_t *this, char *filename) BUILD_END); if (cert) { -<<<<<<< HEAD - cert = add_cert(this, cert); - DBG1(DBG_CFG, " loaded certificate \"%Y\" from '%s'", - cert->get_subject(cert), filename); - return cert->get_ref(cert); -======= cert = this->creds->add_cert_ref(this->creds, TRUE, cert); DBG1(DBG_CFG, " loaded certificate \"%Y\" from '%s'", cert->get_subject(cert), filename); return cert; ->>>>>>> upstream/4.5.1 } DBG1(DBG_CFG, " loading certificate from '%s' failed", filename); return NULL; @@ -541,13 +191,8 @@ static void load_certdir(private_stroke_cred_t *this, char *path, } else { -<<<<<<< HEAD - DBG1(DBG_CFG, " loaded ca certificate \"%Y\" from '%s'", - cert->get_subject(cert), file); -======= DBG1(DBG_CFG, " loaded ca certificate \"%Y\" " "from '%s'", cert->get_subject(cert), file); ->>>>>>> upstream/4.5.1 } } else @@ -575,11 +220,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path, } if (cert) { -<<<<<<< HEAD - add_cert(this, cert); -======= this->creds->add_cert(this->creds, TRUE, cert); ->>>>>>> upstream/4.5.1 } break; case CERT_X509_CRL: @@ -589,11 +230,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path, BUILD_END); if (cert) { -<<<<<<< HEAD - add_crl(this, (crl_t*)cert); -======= this->creds->add_crl(this->creds, (crl_t*)cert); ->>>>>>> upstream/4.5.1 DBG1(DBG_CFG, " loaded crl from '%s'", file); } else @@ -608,11 +245,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path, BUILD_END); if (cert) { -<<<<<<< HEAD - add_ac(this, (ac_t*)cert); -======= this->creds->add_cert(this->creds, FALSE, cert); ->>>>>>> upstream/4.5.1 DBG1(DBG_CFG, " loaded attribute certificate from '%s'", file); } 
@@ -640,18 +273,14 @@ static void cache_cert(private_stroke_cred_t *this, certificate_t *cert) crl_t *crl = (crl_t*)cert; cert->get_ref(cert); -<<<<<<< HEAD - if (add_crl(this, crl)) -======= if (this->creds->add_crl(this->creds, crl)) ->>>>>>> upstream/4.5.1 { char buf[BUF_LEN]; chunk_t chunk, hex; chunk = crl->get_authKeyIdentifier(crl); hex = chunk_to_hex(chunk, NULL, FALSE); - snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_DIR, hex); + snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_DIR, hex.ptr); free(hex.ptr); if (cert->get_encoding(cert, CERT_ASN1_DER, &chunk)) @@ -889,7 +518,7 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr, DBG1(DBG_CFG, "line %d: expected %%smartcard specifier", line_nr); return FALSE; } - snprintf(smartcard, sizeof(smartcard), "%.*s", sc.len, sc.ptr); + snprintf(smartcard, sizeof(smartcard), "%.*s", (int)sc.len, sc.ptr); smartcard[sizeof(smartcard) - 1] = '\0'; /* parse slot and key id. Three formats are supported: @@ -907,7 +536,7 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr, return FALSE; } *pos = '\0'; - strcpy(keyid, pos + 1); + strncpy(keyid, pos + 1, sizeof(keyid)); format = SC_FORMAT_SLOT_MODULE_KEYID; } else if (sscanf(smartcard, "%%smartcard%u:%s", &slot, keyid) == 2) @@ -965,10 +594,6 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr, } /* unlock: smartcard needs the pin and potentially calls public set */ -<<<<<<< HEAD - this->lock->unlock(this->lock); -======= ->>>>>>> upstream/4.5.1 switch (format) { case SC_FORMAT_SLOT_MODULE_KEYID: @@ -990,10 +615,6 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr, BUILD_PKCS11_KEYID, chunk, BUILD_END); break; } -<<<<<<< HEAD - this->lock->write_lock(this->lock); -======= ->>>>>>> upstream/4.5.1 if (mem) { lib->credmgr->remove_local_set(lib->credmgr, &mem->set); 
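Review bot: `strncpy(keyid, pos + 1, sizeof(keyid));` in the load_pin hunk `@@ -907,7 +536,7 @@` leaves `keyid` without a terminating NUL whenever the text after the `@` separator is at least `sizeof(keyid)` bytes long, so later string use of `keyid` could run past the buffer. `snprintf(keyid, sizeof(keyid), "%s", pos + 1);` bounds the copy and always terminates. The `sscanf(smartcard, "%%smartcard%u:%s", &slot, keyid)` branch directly below still fills `keyid` through an unbounded `%s`. Whether `keyid` is at least as large as `smartcard` cannot be confirmed here, because both declarations are outside the hunk.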
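Review bot: The comment `/* unlock: smartcard needs the pin and potentially calls public set */` kept in load_pin (hunk `@@ -965,10 +594,6 @@`) now describes an unlock that this commit deletes, together with the matching `write_lock` in the following hunk. A reader will look for a lock that no longer exists in this file. I would reword it to `/* smartcard needs the pin and potentially calls public set */`, or drop it if locking now lives entirely inside the `creds` object, which is not visible from here.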
@@ -1008,11 +629,7 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr, if (key) { DBG1(DBG_CFG, " loaded private key from %.*s", sc.len, sc.ptr); -<<<<<<< HEAD - this->private->insert_last(this->private, key); -======= this->creds->add_key(this->creds, key); ->>>>>>> upstream/4.5.1 } return TRUE; } @@ -1043,13 +660,13 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr, if (*filename.ptr == '/') { /* absolute path name */ - snprintf(path, sizeof(path), "%.*s", filename.len, filename.ptr); + snprintf(path, sizeof(path), "%.*s", (int)filename.len, filename.ptr); } else { /* relative path name */ snprintf(path, sizeof(path), "%s/%.*s", PRIVATE_KEY_DIR, - filename.len, filename.ptr); + (int)filename.len, filename.ptr); } /* check for optional passphrase */ @@ -1083,16 +700,8 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr, cb = callback_cred_create_shared((void*)passphrase_cb, &pp_data); lib->credmgr->add_local_set(lib->credmgr, &cb->set); -<<<<<<< HEAD - /* unlock, as the builder might ask for a secret */ - this->lock->unlock(this->lock); key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type, BUILD_FROM_FILE, path, BUILD_END); - this->lock->write_lock(this->lock); -======= - key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type, - BUILD_FROM_FILE, path, BUILD_END); ->>>>>>> upstream/4.5.1 lib->credmgr->remove_local_set(lib->credmgr, &cb->set); cb->destroy(cb); 
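Review bot: The `DBG1(DBG_CFG, " loaded private key from %.*s", sc.len, sc.ptr);` line at the end of load_pin (hunk `@@ -1008,11 +629,7 @@`) still passes `sc.len` uncast as the `%.*s` precision, although this commit adds `(int)` to the other `%.*s` calls in the file. Where the length field is wider than `int`, the variadic arguments are misread and the log call may take its string pointer from the wrong slot. `DBG1(DBG_CFG, " loaded private key from %.*s", (int)sc.len, sc.ptr);` matches the fixes made elsewhere in this diff.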
@@ -1108,16 +717,8 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr, mem->add_shared(mem, shared, NULL); lib->credmgr->add_local_set(lib->credmgr, &mem->set); -<<<<<<< HEAD - /* unlock, as the builder might ask for a secret */ - this->lock->unlock(this->lock); - key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type, - BUILD_FROM_FILE, path, BUILD_END); - this->lock->write_lock(this->lock); -======= key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type, BUILD_FROM_FILE, path, BUILD_END); ->>>>>>> upstream/4.5.1 lib->credmgr->remove_local_set(lib->credmgr, &mem->set); mem->destroy(mem); @@ -1126,11 +727,7 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr, { DBG1(DBG_CFG, " loaded %N private key from '%s'", key_type_names, key->get_type(key), path); -<<<<<<< HEAD - this->private->insert_last(this->private, key); -======= this->creds->add_key(this->creds, key); ->>>>>>> upstream/4.5.1 } else { @@ -1145,12 +742,8 @@ static bool load_private(private_stroke_cred_t *this, chunk_t line, int line_nr, static bool load_shared(private_stroke_cred_t *this, chunk_t line, int line_nr, shared_key_type_t type, chunk_t ids) { -<<<<<<< HEAD - stroke_shared_key_t *shared_key; -======= shared_key_t *shared_key; linked_list_t *owners; ->>>>>>> upstream/4.5.1 chunk_t secret = chunk_empty; bool any = TRUE; 
@@ -1160,20 +753,12 @@ static bool load_shared(private_stroke_cred_t *this, chunk_t line, int line_nr, DBG1(DBG_CFG, "line %d: malformed secret: %s", line_nr, ugh); return FALSE; } -<<<<<<< HEAD - shared_key = stroke_shared_key_create(type, secret); -======= shared_key = shared_key_create(type, secret); ->>>>>>> upstream/4.5.1 DBG1(DBG_CFG, " loaded %N secret for %s", shared_key_type_names, type, ids.len > 0 ? (char*)ids.ptr : "%any"); DBG4(DBG_CFG, " secret: %#B", &secret); -<<<<<<< HEAD - this->shared->insert_last(this->shared, shared_key); -======= owners = linked_list_create(); ->>>>>>> upstream/4.5.1 while (ids.len > 0) { chunk_t id; @@ -1183,6 +768,8 @@ static bool load_shared(private_stroke_cred_t *this, chunk_t line, int line_nr, if (ugh != NULL) { DBG1(DBG_CFG, "line %d: %s", line_nr, ugh); + shared_key->destroy(shared_key); + owners->destroy_offset(owners, offsetof(identification_t, destroy)); return FALSE; } if (id.len == 0) @@ -1199,25 +786,15 @@ static bool load_shared(private_stroke_cred_t *this, chunk_t line, int line_nr, continue; } -<<<<<<< HEAD - shared_key->add_owner(shared_key, peer_id); -======= owners->insert_last(owners, peer_id); ->>>>>>> upstream/4.5.1 any = FALSE; } if (any) { -<<<<<<< HEAD - shared_key->add_owner(shared_key, - identification_create_from_encoding(ID_ANY, chunk_empty)); - } -======= owners->insert_last(owners, identification_create_from_encoding(ID_ANY, chunk_empty)); } this->creds->add_shared_list(this->creds, shared_key, owners); ->>>>>>> upstream/4.5.1 return TRUE; } @@ -1229,11 +806,6 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, { int line_nr = 0, fd; chunk_t src, line; -<<<<<<< HEAD - private_key_t *private; - shared_key_t *shared; -======= ->>>>>>> upstream/4.5.1 struct stat sb; void *addr; 
@@ -1262,25 +834,8 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, src = chunk_create(addr, sb.st_size); if (level == 0) -<<<<<<< HEAD - { - this->lock->write_lock(this->lock); - - /* flush secrets on non-recursive invocation */ - while (this->shared->remove_last(this->shared, - (void**)&shared) == SUCCESS) - { - shared->destroy(shared); - } - while (this->private->remove_last(this->private, - (void**)&private) == SUCCESS) - { - private->destroy(private); - } -======= { /* flush secrets on non-recursive invocation */ this->creds->clear_secrets(this->creds); ->>>>>>> upstream/4.5.1 } while (fetchline(&src, &line)) @@ -1321,7 +876,8 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, DBG1(DBG_CFG, "include pattern too long, ignored"); continue; } - snprintf(pattern, sizeof(pattern), "%.*s", line.len, line.ptr); + snprintf(pattern, sizeof(pattern), "%.*s", + (int)line.len, line.ptr); } else { /* use directory of current file if relative */ @@ -1335,16 +891,12 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, continue; } snprintf(pattern, sizeof(pattern), "%s/%.*s", - dir, line.len, line.ptr); + dir, (int)line.len, line.ptr); free(dir); } if (glob(pattern, GLOB_ERR, NULL, &buf) != 0) { DBG1(DBG_CFG, "expanding file expression '%s' failed", pattern); -<<<<<<< HEAD - globfree(&buf); -======= ->>>>>>> upstream/4.5.1 } else { @@ -1412,13 +964,6 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, break; } } -<<<<<<< HEAD - if (level == 0) - { - this->lock->unlock(this->lock); - } -======= ->>>>>>> upstream/4.5.1 munmap(addr, sb.st_size); close(fd); } 
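Review bot: With the write lock removed from load_secrets, `this->creds->clear_secrets(this->creds);` at level 0 empties the set before the file is parsed again, so a lookup running during a reread may find none or only some of the configured secrets. The removed code took the lock at the flush and released it just before `munmap`, apart from the short unlocks around key loading. Whether mem_cred_t can replace the whole set in one step is not visible here. If it cannot, I would at least record the window above the flush: `/* secrets are incomplete for concurrent lookups until parsing has finished */`.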
@@ -1497,15 +1042,8 @@ static void reread(private_stroke_cred_t *this, stroke_msg_t *msg, FILE *prompt) */ static void destroy(private_stroke_cred_t *this) { -<<<<<<< HEAD - this->certs->destroy_offset(this->certs, offsetof(certificate_t, destroy)); - this->shared->destroy_offset(this->shared, offsetof(shared_key_t, destroy)); - this->private->destroy_offset(this->private, offsetof(private_key_t, destroy)); - this->lock->destroy(this->lock); -======= lib->credmgr->remove_set(lib->credmgr, &this->creds->set); this->creds->destroy(this->creds); ->>>>>>> upstream/4.5.1 free(this); } @@ -1516,15 +1054,9 @@ stroke_cred_t *stroke_cred_create() { private_stroke_cred_t *this = malloc_thing(private_stroke_cred_t); -<<<<<<< HEAD - this->public.set.create_private_enumerator = (void*)create_private_enumerator; - this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; - this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; -======= this->public.set.create_private_enumerator = (void*)return_null; this->public.set.create_cert_enumerator = (void*)return_null; this->public.set.create_shared_enumerator = (void*)return_null; ->>>>>>> upstream/4.5.1 this->public.set.create_cdp_enumerator = (void*)return_null; this->public.set.cache_cert = (void*)cache_cert; this->public.reread = (void(*)(stroke_cred_t*, stroke_msg_t *msg, FILE*))reread; @@ -1533,15 +1065,8 @@ stroke_cred_t *stroke_cred_create() this->public.cachecrl = (void(*)(stroke_cred_t*, bool enabled))cachecrl; this->public.destroy = (void(*)(stroke_cred_t*))destroy; -<<<<<<< HEAD - this->certs = linked_list_create(); - this->shared = linked_list_create(); - this->private = linked_list_create(); - this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); -======= this->creds = mem_cred_create(); lib->credmgr->add_set(lib->credmgr, &this->creds->set); ->>>>>>> upstream/4.5.1 load_certs(this); load_secrets(this, SECRETS_FILE, 0, NULL); 
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index 9c71b2cd2..6c42f8f8a 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c @@ -388,15 +388,8 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local) enumerator->destroy(enumerator); } -<<<<<<< HEAD -/** - * Implementation of stroke_list_t.status. - */ -static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bool all) -======= METHOD(stroke_list_t, status, void, private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bool all) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator, *children; ike_cfg_t *ike_cfg; @@ -409,7 +402,8 @@ METHOD(stroke_list_t, status, void, if (all) { peer_cfg_t *peer_cfg; - char *plugin, *pool; + plugin_t *plugin; + char *pool; host_t *host; u_int32_t dpd; time_t since, now; @@ -438,7 +432,7 @@ METHOD(stroke_list_t, status, void, enumerator = lib->plugins->create_plugin_enumerator(lib->plugins); while (enumerator->enumerate(enumerator, &plugin)) { - fprintf(out, "%s ", plugin); + fprintf(out, "%s ", plugin->get_name(plugin)); } enumerator->destroy(enumerator); fprintf(out, "\n"); @@ -761,11 +755,7 @@ static void stroke_list_certs(linked_list_t *list, char *label, enumerator_t *enumerator; identification_t *altName; bool first_altName = TRUE; -<<<<<<< HEAD - int pathlen; -======= u_int pathlen; ->>>>>>> upstream/4.5.1 chunk_t serial, authkey; time_t notBefore, notAfter; public_key_t *public; 
@@ -845,17 +835,10 @@ static void stroke_list_certs(linked_list_t *list, char *label, } /* list optional pathLenConstraint */ -<<<<<<< HEAD - pathlen = x509->get_pathLenConstraint(x509); - if (pathlen != X509_NO_PATH_LEN_CONSTRAINT) - { - fprintf(out, " pathlen: %d\n", pathlen); -======= pathlen = x509->get_constraint(x509, X509_PATH_LEN); if (pathlen != X509_NO_CONSTRAINT) { fprintf(out, " pathlen: %u\n", pathlen); ->>>>>>> upstream/4.5.1 } /* list optional ipAddrBlocks */ @@ -995,13 +978,10 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) { fprintf(out, " serial: %#B\n", &chunk); } -<<<<<<< HEAD -======= if (crl->is_delta_crl(crl, &chunk)) { fprintf(out, " delta for: %#B\n", &chunk); } ->>>>>>> upstream/4.5.1 /* count the number of revoked certificates */ { @@ -1083,8 +1063,6 @@ static void stroke_list_ocsp(linked_list_t* list, bool utc, FILE *out) } /** -<<<<<<< HEAD -======= * Print the name of an algorithm plus the name of the plugin that registered it */ static void print_alg(FILE *out, int *len, enum_name_t *alg_names, int alg_type, @@ -1092,19 +1070,18 @@ static void print_alg(FILE *out, int *len, enum_name_t *alg_names, int alg_type, { char alg_name[BUF_LEN]; int alg_name_len; - + alg_name_len = sprintf(alg_name, " %N[%s]", alg_names, alg_type, plugin_name); if (*len + alg_name_len > CRYPTO_MAX_ALG_LINE) { fprintf(out, "\n "); - *len = 13; + *len = 13; } fprintf(out, "%s", alg_name); *len += alg_name_len; } /** ->>>>>>> upstream/4.5.1 * List of registered cryptographical algorithms */ static void list_algs(FILE *out) 
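Review bot: print_alg writes into the fixed `alg_name[BUF_LEN]` with an unbounded `sprintf`, and `plugin_name` comes from whichever plugin registered the algorithm, so nothing in this function limits the formatted length. `alg_name_len = snprintf(alg_name, sizeof(alg_name), " %N[%s]", alg_names, alg_type, plugin_name);` keeps the write inside the buffer. Because `alg_name_len` is then added to `*len`, a return value of `sizeof(alg_name)` or more should be clamped to the bytes actually stored. The signature of print_alg starts in the preceding hunk.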
@@ -1115,51 +1092,6 @@ static void list_algs(FILE *out) hash_algorithm_t hash; pseudo_random_function_t prf; diffie_hellman_group_t group; -<<<<<<< HEAD - - fprintf(out, "\n"); - fprintf(out, "List of registered IKEv2 Algorithms:\n"); - fprintf(out, "\n encryption: "); - enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &encryption)) - { - fprintf(out, "%N ", encryption_algorithm_names, encryption); - } - enumerator->destroy(enumerator); - fprintf(out, "\n integrity: "); - enumerator = lib->crypto->create_signer_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &integrity)) - { - fprintf(out, "%N ", integrity_algorithm_names, integrity); - } - enumerator->destroy(enumerator); - fprintf(out, "\n aead: "); - enumerator = lib->crypto->create_aead_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &encryption)) - { - fprintf(out, "%N ", encryption_algorithm_names, encryption); - } - enumerator->destroy(enumerator); - fprintf(out, "\n hasher: "); - enumerator = lib->crypto->create_hasher_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &hash)) - { - fprintf(out, "%N ", hash_algorithm_names, hash); - } - enumerator->destroy(enumerator); - fprintf(out, "\n prf: "); - enumerator = lib->crypto->create_prf_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &prf)) - { - fprintf(out, "%N ", pseudo_random_function_names, prf); - } - enumerator->destroy(enumerator); - fprintf(out, "\n dh-group: "); - enumerator = lib->crypto->create_dh_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &group)) - { - fprintf(out, "%N ", diffie_hellman_group_names, group); -======= rng_quality_t quality; const char *plugin_name; int len; 
@@ -1220,21 +1152,13 @@ static void list_algs(FILE *out) while (enumerator->enumerate(enumerator, &quality, &plugin_name)) { print_alg(out, &len, rng_quality_names, quality, plugin_name); ->>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); fprintf(out, "\n"); } -<<<<<<< HEAD -/** - * Implementation of stroke_list_t.list. - */ -static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) -======= METHOD(stroke_list_t, list, void, private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) ->>>>>>> upstream/4.5.1 { linked_list_t *cert_list = NULL; @@ -1337,15 +1261,8 @@ static void pool_leases(private_stroke_list_t *this, FILE *out, char *pool, } } -<<<<<<< HEAD -/** - * Implementation of stroke_list_t.leases - */ -static void leases(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) -======= METHOD(stroke_list_t, leases, void, private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; u_int size, offline, online; @@ -1382,15 +1299,8 @@ METHOD(stroke_list_t, leases, void, DESTROY_IF(address); } -<<<<<<< HEAD -/** - * Implementation of stroke_list_t.destroy - */ -static void destroy(private_stroke_list_t *this) -======= METHOD(stroke_list_t, destroy, void, private_stroke_list_t *this) ->>>>>>> upstream/4.5.1 { free(this); } @@ -1400,17 +1310,6 @@ METHOD(stroke_list_t, destroy, void, */ stroke_list_t *stroke_list_create(stroke_attribute_t *attribute) { -<<<<<<< HEAD - private_stroke_list_t *this = malloc_thing(private_stroke_list_t); - - this->public.list = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))list; - this->public.status = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out,bool))status; - this->public.leases = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))leases; - this->public.destroy = (void(*)(stroke_list_t*))destroy; - - this->uptime = time_monotonic(NULL); - this->attribute = attribute; -======= private_stroke_list_t *this; INIT(this, 
@@ -1424,7 +1323,6 @@ stroke_list_t *stroke_list_create(stroke_attribute_t *attribute) .uptime = time_monotonic(NULL), .attribute = attribute, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/plugins/stroke/stroke_plugin.c b/src/libcharon/plugins/stroke/stroke_plugin.c index 81274b599..2884db4bf 100644 --- a/src/libcharon/plugins/stroke/stroke_plugin.c +++ b/src/libcharon/plugins/stroke/stroke_plugin.c @@ -36,15 +36,14 @@ struct private_stroke_plugin_t { stroke_socket_t *socket; }; -<<<<<<< HEAD -/** - * Implementation of stroke_plugin_t.destroy - */ -static void destroy(private_stroke_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_stroke_plugin_t *this) +{ + return "stroke"; +} + METHOD(plugin_t, destroy, void, private_stroke_plugin_t *this) ->>>>>>> upstream/4.5.1 { this->socket->destroy(this->socket); free(this); @@ -55,25 +54,19 @@ METHOD(plugin_t, destroy, void, */ plugin_t *stroke_plugin_create() { -<<<<<<< HEAD - private_stroke_plugin_t *this = malloc_thing(private_stroke_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - this->socket = stroke_socket_create(); -======= private_stroke_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, .socket = stroke_socket_create(), ); ->>>>>>> upstream/4.5.1 if (this->socket == NULL) { free(this); diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c index e9ed86d09..88d0270d8 100644 --- a/src/libcharon/plugins/stroke/stroke_socket.c +++ b/src/libcharon/plugins/stroke/stroke_socket.c 
@@ -122,7 +122,7 @@ static void pop_string(stroke_msg_t *msg, char **string) /* check for sanity of string pointer and string */ if (string < (char**)msg || - string > (char**)msg + sizeof(stroke_msg_t) || + string > (char**)((char*)msg + sizeof(stroke_msg_t)) || (unsigned long)*string < (unsigned long)((char*)msg->buffer - (char*)msg) || (unsigned long)*string > msg->length) { @@ -151,10 +151,7 @@ static void pop_end(stroke_msg_t *msg, const char* label, stroke_end_t *end) pop_string(msg, &end->ca); pop_string(msg, &end->ca2); pop_string(msg, &end->groups); -<<<<<<< HEAD -======= pop_string(msg, &end->cert_policy); ->>>>>>> upstream/4.5.1 pop_string(msg, &end->updown); DBG2(DBG_CFG, " %s=%s", label, end->address); @@ -250,8 +247,6 @@ static void stroke_terminate_srcip(private_stroke_socket_t *this, } /** -<<<<<<< HEAD -======= * rekey a connection by name/id */ static void stroke_rekey(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out) @@ -263,7 +258,6 @@ static void stroke_rekey(private_stroke_socket_t *this, stroke_msg_t *msg, FILE } /** ->>>>>>> upstream/4.5.1 * route a policy (install SPD entries) */ static void stroke_route(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out) @@ -366,8 +360,6 @@ static void stroke_purge(private_stroke_socket_t *this, { lib->credmgr->flush_cache(lib->credmgr, CERT_X509_OCSP_RESPONSE); } -<<<<<<< HEAD -======= if (msg->purge.flags & PURGE_CRLS) { lib->credmgr->flush_cache(lib->credmgr, CERT_X509_CRL); @@ -376,7 +368,6 @@ static void stroke_purge(private_stroke_socket_t *this, { lib->credmgr->flush_cache(lib->credmgr, CERT_X509); } ->>>>>>> upstream/4.5.1 if (msg->purge.flags & PURGE_IKE) { this->control->purge_ike(this->control, msg, out); @@ -405,7 +396,7 @@ static void stroke_export(private_stroke_socket_t *this, { if (cert->get_encoding(cert, CERT_PEM, &encoded)) { - fprintf(out, "%.*s", encoded.len, encoded.ptr); + fprintf(out, "%.*s", (int)encoded.len, encoded.ptr); free(encoded.ptr); } } 
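Review bot: Both upper bounds in the pop_string sanity check (hunk `@@ -122,7 +122,7 @@`) use a strict `>`, so a `string` slot lying exactly at `(char*)msg + sizeof(stroke_msg_t)` and an offset equal to `msg->length` are accepted, although each points one past the end of the data. Tightening them to `string > (char**)((char*)msg + sizeof(stroke_msg_t) - sizeof(char*))` and `(unsigned long)*string >= msg->length` closes that gap. The check also does not establish that a NUL byte exists between the offset and `msg->length`. Whether the code that reads the message guarantees one cannot be seen here, because the rest of pop_string and the reader are outside the hunk.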
@@ -539,12 +530,9 @@ static job_requeue_t process(stroke_job_context_t *ctx) case STR_TERMINATE_SRCIP: stroke_terminate_srcip(this, msg, out); break; -<<<<<<< HEAD -======= case STR_REKEY: stroke_rekey(this, msg, out); break; ->>>>>>> upstream/4.5.1 case STR_STATUS: stroke_status(this, msg, out, FALSE); break; diff --git a/src/libcharon/plugins/tnc_imc/Makefile.am b/src/libcharon/plugins/tnc_imc/Makefile.am index 604536953..2c551813e 100644 --- a/src/libcharon/plugins/tnc_imc/Makefile.am +++ b/src/libcharon/plugins/tnc_imc/Makefile.am @@ -1,18 +1,9 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ -<<<<<<< HEAD - -I$(top_srcdir)/src/libcharon `xml2-config --cflags` - -AM_CFLAGS = -rdynamic - -libstrongswan_tnc_imc_la_LIBADD = -ltnc - -======= -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic ->>>>>>> upstream/4.5.1 if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-imc.la else @@ -20,12 +11,8 @@ plugin_LTLIBRARIES = libstrongswan-tnc-imc.la endif libstrongswan_tnc_imc_la_SOURCES = \ -<<<<<<< HEAD - tnc_imc_plugin.h tnc_imc_plugin.c -======= tnc_imc_plugin.h tnc_imc_plugin.c tnc_imc.h tnc_imc.c \ tnc_imc_manager.h tnc_imc_manager.c tnc_imc_bind_function.c ->>>>>>> upstream/4.5.1 libstrongswan_tnc_imc_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/tnc_imc/Makefile.in b/src/libcharon/plugins/tnc_imc/Makefile.in index 61fe74a15..c2bc35dc5 100644 --- a/src/libcharon/plugins/tnc_imc/Makefile.in +++ b/src/libcharon/plugins/tnc_imc/Makefile.in 
@@ -74,14 +74,9 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) -<<<<<<< HEAD -libstrongswan_tnc_imc_la_DEPENDENCIES = -am_libstrongswan_tnc_imc_la_OBJECTS = tnc_imc_plugin.lo -======= libstrongswan_tnc_imc_la_LIBADD = am_libstrongswan_tnc_imc_la_OBJECTS = tnc_imc_plugin.lo tnc_imc.lo \ tnc_imc_manager.lo tnc_imc_bind_function.lo ->>>>>>> upstream/4.5.1 libstrongswan_tnc_imc_la_OBJECTS = \ $(am_libstrongswan_tnc_imc_la_OBJECTS) libstrongswan_tnc_imc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -227,13 +222,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -254,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -272,14 +263,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ 
@@ -288,16 +277,6 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ -<<<<<<< HEAD - -I$(top_srcdir)/src/libcharon `xml2-config --cflags` - -AM_CFLAGS = -rdynamic -libstrongswan_tnc_imc_la_LIBADD = -ltnc -@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnc-imc.la -@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnc-imc.la -libstrongswan_tnc_imc_la_SOURCES = \ - tnc_imc_plugin.h tnc_imc_plugin.c -======= -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic @@ -306,7 +285,6 @@ AM_CFLAGS = -rdynamic libstrongswan_tnc_imc_la_SOURCES = \ tnc_imc_plugin.h tnc_imc_plugin.c tnc_imc.h tnc_imc.c \ tnc_imc_manager.h tnc_imc_manager.c tnc_imc_bind_function.c ->>>>>>> upstream/4.5.1 libstrongswan_tnc_imc_la_LDFLAGS = -module -avoid-version all: all-am @@ -392,12 +370,9 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -<<<<<<< HEAD -======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imc_bind_function.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imc_manager.Plo@am__quote@ ->>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imc_plugin.Plo@am__quote@ .c.o: diff --git a/src/libcharon/plugins/tnc_imc/tnc_imc.c b/src/libcharon/plugins/tnc_imc/tnc_imc.c index 174084436..d7fc2c65d 100644 --- a/src/libcharon/plugins/tnc_imc/tnc_imc.c +++ b/src/libcharon/plugins/tnc_imc/tnc_imc.c @@ -19,11 +19,12 @@ #include <debug.h> #include <library.h> +#include <threading/mutex.h> typedef struct private_tnc_imc_t private_tnc_imc_t; /** - * Private data of an imv_t object. + * Private data of an imc_t object. */ struct private_tnc_imc_t { @@ -61,6 +62,11 @@ struct private_tnc_imc_t { * Number of supported message types */ TNC_UInt32 type_count; + + /** + * mutex to lock the imc_t object + */ + mutex_t *mutex; }; METHOD(imc_t, set_id, void, 
@@ -85,6 +91,14 @@ METHOD(imc_t, set_message_types, void, private_tnc_imc_t *this, TNC_MessageTypeList supported_types, TNC_UInt32 type_count) { + char buf[512]; + char *pos = buf; + int len = sizeof(buf); + int written; + + /* lock the imc_t instance */ + this->mutex->lock(this->mutex); + /* Free an existing MessageType list */ free(this->supported_types); this->supported_types = NULL; @@ -94,11 +108,27 @@ METHOD(imc_t, set_message_types, void, if (type_count && supported_types) { size_t size = type_count * sizeof(TNC_MessageType); + int i; + for (i = 0; i < type_count; i++) + { + written = snprintf(pos, len, " 0x%08x", supported_types[i]); + if (written >= len) + { + break; + } + pos += written; + len -= written; + } this->supported_types = malloc(size); memcpy(this->supported_types, supported_types, size); } - DBG2(DBG_TNC, "IMC %u supports %u message types", this->id, type_count); + *pos = '\0'; + DBG2(DBG_TNC, "IMC %u supports %u message types:%s", + this->id, type_count, buf); + + /* lock the imc_t instance */ + this->mutex->unlock(this->mutex); } METHOD(imc_t, type_supported, bool, @@ -132,6 +162,7 @@ METHOD(imc_t, destroy, void, private_tnc_imc_t *this) { dlclose(this->handle); + this->mutex->destroy(this->mutex); free(this->supported_types); free(this->name); free(this->path); @@ -156,6 +187,7 @@ imc_t* tnc_imc_create(char *name, char *path) }, .name = name, .path = path, + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), ); this->handle = dlopen(path, RTLD_LAZY); diff --git a/src/libcharon/plugins/tnc_imc/tnc_imc_bind_function.c b/src/libcharon/plugins/tnc_imc/tnc_imc_bind_function.c index e18f1b006..25a6a1cc4 100644 --- a/src/libcharon/plugins/tnc_imc/tnc_imc_bind_function.c +++ b/src/libcharon/plugins/tnc_imc/tnc_imc_bind_function.c 
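Review bot: The mutex taken at the top of `set_message_types` protects only this writer. No hunk for tnc_imc.c in this diff touches `type_supported`, whose signature appears as trailing context of the next hunk, so that reader presumably still accesses `supported_types` without the lock while this function frees and reallocates the list. If the two can run on different threads, the reader should bracket its access with `this->mutex->lock(this->mutex);` and the matching unlock. The function body continues in the following hunk, and `set_message_types` in tnc_imv.c is changed the same way.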
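Review bot: The truncation check `if (written >= len)` in the new formatting loop does not cover a negative return from snprintf(), which would move `pos` backwards and enlarge `len`; `if (written < 0 || written >= len)` closes that. The comment ahead of the unlock call still reads `/* lock the imc_t instance */` and should say unlock. In the unchanged context just below the loop, the result of `malloc(size)` goes straight into `memcpy()` unchecked, and that now happens while the mutex is held. The function starts in the previous hunk, and the matching hunk in tnc_imv.c has the same three spots.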
@@ -28,6 +28,12 @@ TNC_Result TNC_TNCC_ReportMessageTypes(TNC_IMCID imc_id, TNC_MessageTypeList supported_types, TNC_UInt32 type_count) { + if (!charon->imcs->is_registered(charon->imcs, imc_id)) + { + DBG1(DBG_TNC, "ignoring ReportMessageTypes() from unregistered IMC %u", + imc_id); + return TNC_RESULT_INVALID_PARAMETER; + } return charon->imcs->set_message_types(charon->imcs, imc_id, supported_types, type_count); } @@ -39,6 +45,12 @@ TNC_Result TNC_TNCC_RequestHandshakeRetry(TNC_IMCID imc_id, TNC_ConnectionID connection_id, TNC_RetryReason reason) { + if (!charon->imcs->is_registered(charon->imcs, imc_id)) + { + DBG1(DBG_TNC, "ignoring RequestHandshakeRetry() from unregistered IMC %u", + imc_id); + return TNC_RESULT_INVALID_PARAMETER; + } return charon->tnccs->request_handshake_retry(charon->tnccs, TRUE, imc_id, connection_id, reason); } @@ -52,6 +64,12 @@ TNC_Result TNC_TNCC_SendMessage(TNC_IMCID imc_id, TNC_UInt32 msg_len, TNC_MessageType msg_type) { + if (!charon->imcs->is_registered(charon->imcs, imc_id)) + { + DBG1(DBG_TNC, "ignoring SendMessage() from unregistered IMC %u", + imc_id); + return TNC_RESULT_INVALID_PARAMETER; + } return charon->tnccs->send_message(charon->tnccs, imc_id, TNC_IMVID_ANY, connection_id, msg, msg_len, msg_type); } diff --git a/src/libcharon/plugins/tnc_imc/tnc_imc_manager.c b/src/libcharon/plugins/tnc_imc/tnc_imc_manager.c index aa20534f5..ccf6aea67 100644 --- a/src/libcharon/plugins/tnc_imc/tnc_imc_manager.c +++ b/src/libcharon/plugins/tnc_imc/tnc_imc_manager.c @@ -77,7 +77,7 @@ METHOD(imc_manager_t, remove_, imc_t*, private_tnc_imc_manager_t *this, TNC_IMCID id) { enumerator_t *enumerator; - imc_t *imc; + imc_t *imc, *removed_imc = NULL; enumerator = this->imcs->create_enumerator(this->imcs); while (enumerator->enumerate(enumerator, &imc)) 
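Review bot: The new `is_registered()` guard in `TNC_TNCC_ReportMessageTypes` only establishes that some IMC with this ID is in the manager's list. Since `imc_id` is supplied by the calling module, the check rejects unknown IDs but does not tie the call to the module that owns the ID. That limit is worth stating next to the check, for example `/* imc_id is caller-supplied: rejects unknown IDs, does not authenticate the caller */`. The same guard and caveat apply to `TNC_TNCC_RequestHandshakeRetry` and `TNC_TNCC_SendMessage` in the next two hunks and to the six `TNC_TNCS_*` functions in tnc_imv_bind_function.c. Each function's signature begins above its hunk.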
@@ -85,11 +85,34 @@ METHOD(imc_manager_t, remove_, imc_t*, if (id == imc->get_id(imc)) { this->imcs->remove_at(this->imcs, enumerator); - return imc; + removed_imc = imc; + break; + } + } + enumerator->destroy(enumerator); + + return removed_imc; +} + +METHOD(imc_manager_t, is_registered, bool, + private_tnc_imc_manager_t *this, TNC_IMCID id) +{ + enumerator_t *enumerator; + imc_t *imc; + bool found = FALSE; + + enumerator = this->imcs->create_enumerator(this->imcs); + while (enumerator->enumerate(enumerator, &imc)) + { + if (id == imc->get_id(imc)) + { + found = TRUE; + break; } } enumerator->destroy(enumerator); - return NULL; + + return found; } METHOD(imc_manager_t, get_preferred_language, char*, @@ -160,6 +183,7 @@ METHOD(imc_manager_t, receive_message, void, TNC_UInt32 message_len, TNC_MessageType message_type) { + bool type_supported = FALSE; enumerator_t *enumerator; imc_t *imc; @@ -168,11 +192,16 @@ METHOD(imc_manager_t, receive_message, void, { if (imc->receive_message && imc->type_supported(imc, message_type)) { + type_supported = TRUE; imc->receive_message(imc->get_id(imc), connection_id, message, message_len, message_type); } } enumerator->destroy(enumerator); + if (!type_supported) + { + DBG2(DBG_TNC, "message type 0x%08x not supported by any IMC", message_type); + } } METHOD(imc_manager_t, batch_ending, void, @@ -222,6 +251,7 @@ imc_manager_t* tnc_imc_manager_create(void) .public = { .add = _add, .remove = _remove_, /* avoid name conflict with stdio.h */ + .is_registered = _is_registered, .get_preferred_language = _get_preferred_language, .notify_connection_change = _notify_connection_change, .begin_handshake = _begin_handshake, diff --git a/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c b/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c index f7d6c00d7..bc13b8735 100644 --- a/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c +++ b/src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c 
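Review bot: `is_registered` walks `this->imcs` with a plain enumerator and nothing in this hunk guards the list, although the commit now calls it from every `TNC_TNCC_*` bind function and, judging by the mutex added to the imc_t object, expects those callbacks to arrive concurrently. Whether the list is protected elsewhere is not visible here; if it is not, a concurrent `remove_` could modify the list during the walk, so both lookups should run under a manager-level lock. The loop is also a copy of the one in `remove_` just above, and a small shared lookup helper would keep the two in step. The imv_manager_t counterpart in tnc_imv_manager.c has the same shape.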
@@ -14,12 +14,6 @@ */ #include "tnc_imc_plugin.h" -<<<<<<< HEAD - -#include <libtnctncc.h> - -#include <daemon.h> -======= #include "tnc_imc_manager.h" #include "tnc_imc.h" @@ -136,6 +130,12 @@ static bool load_imcs(char *filename) } if (!charon->imcs->add(charon->imcs, imc)) { + if (imc->terminate && + imc->terminate(imc->get_id(imc)) != TNC_RESULT_SUCCESS) + { + DBG1(DBG_TNC, "IMC \"%s\" not terminated successfully", + imc->get_name(imc)); + } imc->destroy(imc); return FALSE; } @@ -146,16 +146,17 @@ static bool load_imcs(char *filename) close(fd); return TRUE; } ->>>>>>> upstream/4.5.1 + +METHOD(plugin_t, get_name, char*, + tnc_imc_plugin_t *this) +{ + return "tnc-imc"; +} METHOD(plugin_t, destroy, void, tnc_imc_plugin_t *this) { -<<<<<<< HEAD - libtnc_tncc_Terminate(); -======= charon->imcs->destroy(charon->imcs); ->>>>>>> upstream/4.5.1 free(this); } @@ -164,33 +165,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *tnc_imc_plugin_create() { -<<<<<<< HEAD - char *tnc_config, *pref_lang; -======= char *tnc_config; ->>>>>>> upstream/4.5.1 tnc_imc_plugin_t *this; INIT(this, .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, ); -<<<<<<< HEAD - pref_lang = lib->settings->get_str(lib->settings, - "charon.plugins.tnc-imc.preferred_language", "en"); - tnc_config = lib->settings->get_str(lib->settings, - "charon.plugins.tnc-imc.tnc_config", "/etc/tnc_config"); - - if (libtnc_tncc_Initialize(tnc_config) != TNC_RESULT_SUCCESS) - { - free(this); - DBG1(DBG_TNC, "TNC IMC initialization failed"); - return NULL; - } - -======= /* Create IMC manager */ charon->imcs = tnc_imc_manager_create(); @@ -204,7 +189,6 @@ plugin_t *tnc_imc_plugin_create() free(this); return NULL; } ->>>>>>> upstream/4.5.1 return &this->plugin; } diff --git a/src/libcharon/plugins/tnc_imv/Makefile.am b/src/libcharon/plugins/tnc_imv/Makefile.am index 13e8076cd..3ba283bb7 100644 --- a/src/libcharon/plugins/tnc_imv/Makefile.am 
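Review bot: The failure branch extended in the `load_imcs` hunk still leaves the function through `return FALSE;` right after `imc->destroy(imc);`, whereas the normal exit shown as context in the next hunk runs `close(fd);` before `return TRUE;`. The rest of the body is outside the hunk, so this is an inference, but the early return looks like it leaks the descriptor. Adding `close(fd);` ahead of `return FALSE;`, or routing both exits through one cleanup label, would fix it. `load_imvs` in tnc_imv_plugin.c has the same branch.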
+++ b/src/libcharon/plugins/tnc_imv/Makefile.am @@ -1,18 +1,9 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ -<<<<<<< HEAD - -I$(top_srcdir)/src/libcharon `xml2-config --cflags` - -AM_CFLAGS = -rdynamic - -libstrongswan_tnc_imv_la_LIBADD = -ltnc - -======= -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic ->>>>>>> upstream/4.5.1 if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnc-imv.la else @@ -20,13 +11,9 @@ plugin_LTLIBRARIES = libstrongswan-tnc-imv.la endif libstrongswan_tnc_imv_la_SOURCES = \ -<<<<<<< HEAD - tnc_imv_plugin.h tnc_imv_plugin.c -======= tnc_imv_plugin.h tnc_imv_plugin.c tnc_imv.h tnc_imv.c \ tnc_imv_manager.h tnc_imv_manager.c tnc_imv_bind_function.c \ tnc_imv_recommendations.h tnc_imv_recommendations.c ->>>>>>> upstream/4.5.1 libstrongswan_tnc_imv_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/tnc_imv/Makefile.in b/src/libcharon/plugins/tnc_imv/Makefile.in index 10190313b..fb96150f4 100644 --- a/src/libcharon/plugins/tnc_imv/Makefile.in +++ b/src/libcharon/plugins/tnc_imv/Makefile.in @@ -74,15 +74,10 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) -<<<<<<< HEAD -libstrongswan_tnc_imv_la_DEPENDENCIES = -am_libstrongswan_tnc_imv_la_OBJECTS = tnc_imv_plugin.lo -======= libstrongswan_tnc_imv_la_LIBADD = am_libstrongswan_tnc_imv_la_OBJECTS = tnc_imv_plugin.lo tnc_imv.lo \ tnc_imv_manager.lo tnc_imv_bind_function.lo \ tnc_imv_recommendations.lo ->>>>>>> upstream/4.5.1 libstrongswan_tnc_imv_la_OBJECTS = \ $(am_libstrongswan_tnc_imv_la_OBJECTS) libstrongswan_tnc_imv_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ 
@@ -228,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -255,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -273,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -289,16 +278,6 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ -<<<<<<< HEAD - -I$(top_srcdir)/src/libcharon `xml2-config --cflags` - -AM_CFLAGS = -rdynamic -libstrongswan_tnc_imv_la_LIBADD = -ltnc -@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnc-imv.la -@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnc-imv.la -libstrongswan_tnc_imv_la_SOURCES = \ - tnc_imv_plugin.h tnc_imv_plugin.c -======= -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic @@ -308,7 +287,6 @@ libstrongswan_tnc_imv_la_SOURCES = \ tnc_imv_plugin.h tnc_imv_plugin.c tnc_imv.h tnc_imv.c \ tnc_imv_manager.h tnc_imv_manager.c tnc_imv_bind_function.c \ tnc_imv_recommendations.h tnc_imv_recommendations.c ->>>>>>> upstream/4.5.1 libstrongswan_tnc_imv_la_LDFLAGS = -module -avoid-version all: all-am 
@@ -394,15 +372,11 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -<<<<<<< HEAD -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv_plugin.Plo@am__quote@ -======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv_bind_function.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv_manager.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv_plugin.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnc_imv_recommendations.Plo@am__quote@ ->>>>>>> upstream/4.5.1 .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv.c b/src/libcharon/plugins/tnc_imv/tnc_imv.c index f88b645d6..fe628ee7e 100644 --- a/src/libcharon/plugins/tnc_imv/tnc_imv.c +++ b/src/libcharon/plugins/tnc_imv/tnc_imv.c @@ -19,6 +19,7 @@ #include <debug.h> #include <library.h> +#include <threading/mutex.h> typedef struct private_tnc_imv_t private_tnc_imv_t; @@ -61,6 +62,11 @@ struct private_tnc_imv_t { * Number of supported message types */ TNC_UInt32 type_count; + + /** + * mutex to lock the imv_t object + */ + mutex_t *mutex; }; METHOD(imv_t, set_id, void, @@ -85,6 +91,14 @@ METHOD(imv_t, set_message_types, void, private_tnc_imv_t *this, TNC_MessageTypeList supported_types, TNC_UInt32 type_count) { + char buf[512]; + char *pos = buf; + int len = sizeof(buf); + int written; + + /* lock the imv_t instance */ + this->mutex->lock(this->mutex); + /* Free an existing MessageType list */ free(this->supported_types); this->supported_types = NULL; 
@@ -95,10 +109,27 @@ METHOD(imv_t, set_message_types, void, { size_t size = type_count * sizeof(TNC_MessageType); + int i; + + for (i = 0; i < type_count; i++) + { + written = snprintf(pos, len, " 0x%08x", supported_types[i]); + if (written >= len) + { + break; + } + pos += written; + len -= written; + } this->supported_types = malloc(size); memcpy(this->supported_types, supported_types, size); } - DBG2(DBG_TNC, "IMV %u supports %u message types", this->id, type_count); + *pos = '\0'; + DBG2(DBG_TNC, "IMV %u supports %u message types:%s", + this->id, type_count, buf); + + /* lock the imv_t instance */ + this->mutex->unlock(this->mutex); } METHOD(imv_t, type_supported, bool, @@ -132,6 +163,7 @@ METHOD(imv_t, destroy, void, private_tnc_imv_t *this) { dlclose(this->handle); + this->mutex->destroy(this->mutex); free(this->supported_types); free(this->name); free(this->path); @@ -156,6 +188,7 @@ imv_t* tnc_imv_create(char *name, char *path) }, .name = name, .path = path, + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), ); this->handle = dlopen(path, RTLD_LAZY); diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv_bind_function.c b/src/libcharon/plugins/tnc_imv/tnc_imv_bind_function.c index 0ea52f08e..0ed00b001 100644 --- a/src/libcharon/plugins/tnc_imv/tnc_imv_bind_function.c +++ b/src/libcharon/plugins/tnc_imv/tnc_imv_bind_function.c @@ -28,6 +28,12 @@ TNC_Result TNC_TNCS_ReportMessageTypes(TNC_IMVID imv_id, TNC_MessageTypeList supported_types, TNC_UInt32 type_count) { + if (!charon->imvs->is_registered(charon->imvs, imv_id)) + { + DBG1(DBG_TNC, "ignoring ReportMessageTypes() from unregistered IMV %u", + imv_id); + return TNC_RESULT_INVALID_PARAMETER; + } return charon->imvs->set_message_types(charon->imvs, imv_id, supported_types, type_count); } 
@@ -39,6 +45,12 @@ TNC_Result TNC_TNCS_RequestHandshakeRetry(TNC_IMVID imv_id, TNC_ConnectionID connection_id, TNC_RetryReason reason) { + if (!charon->imvs->is_registered(charon->imvs, imv_id)) + { + DBG1(DBG_TNC, "ignoring RequestHandshakeRetry() from unregistered IMV %u", + imv_id); + return TNC_RESULT_INVALID_PARAMETER; + } return charon->tnccs->request_handshake_retry(charon->tnccs, FALSE, imv_id, connection_id, reason); } @@ -52,6 +64,12 @@ TNC_Result TNC_TNCS_SendMessage(TNC_IMVID imv_id, TNC_UInt32 msg_len, TNC_MessageType msg_type) { + if (!charon->imvs->is_registered(charon->imvs, imv_id)) + { + DBG1(DBG_TNC, "ignoring SendMessage() from unregistered IMV %u", + imv_id); + return TNC_RESULT_INVALID_PARAMETER; + } return charon->tnccs->send_message(charon->tnccs, TNC_IMCID_ANY, imv_id, connection_id, msg, msg_len, msg_type); } @@ -65,6 +83,12 @@ TNC_Result TNC_TNCS_ProvideRecommendation(TNC_IMVID imv_id, TNC_IMV_Action_Recommendation recommendation, TNC_IMV_Evaluation_Result evaluation) { + if (!charon->imvs->is_registered(charon->imvs, imv_id)) + { + DBG1(DBG_TNC, "ignoring ProvideRecommendation() from unregistered IMV %u", + imv_id); + return TNC_RESULT_INVALID_PARAMETER; + } return charon->tnccs->provide_recommendation(charon->tnccs, imv_id, connection_id, recommendation, evaluation); } @@ -80,6 +104,12 @@ TNC_Result TNC_TNCS_GetAttribute(TNC_IMVID imv_id, TNC_BufferReference buffer, TNC_UInt32 *out_value_len) { + if (!charon->imvs->is_registered(charon->imvs, imv_id)) + { + DBG1(DBG_TNC, "ignoring GetAttribute() from unregistered IMV %u", + imv_id); + return TNC_RESULT_INVALID_PARAMETER; + } return charon->tnccs->get_attribute(charon->tnccs, imv_id, connection_id, attribute_id, buffer_len, buffer, out_value_len); } 
@@ -94,6 +124,12 @@ TNC_Result TNC_TNCS_SetAttribute(TNC_IMVID imv_id, TNC_UInt32 buffer_len, TNC_BufferReference buffer) { + if (!charon->imvs->is_registered(charon->imvs, imv_id)) + { + DBG1(DBG_TNC, "ignoring SetAttribute() from unregistered IMV %u", + imv_id); + return TNC_RESULT_INVALID_PARAMETER; + } return charon->tnccs->set_attribute(charon->tnccs, imv_id, connection_id, attribute_id, buffer_len, buffer); } diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv_manager.c b/src/libcharon/plugins/tnc_imv/tnc_imv_manager.c index 559de86d0..579ab06ff 100644 --- a/src/libcharon/plugins/tnc_imv/tnc_imv_manager.c +++ b/src/libcharon/plugins/tnc_imv/tnc_imv_manager.c @@ -84,7 +84,7 @@ METHOD(imv_manager_t, remove_, imv_t*, private_tnc_imv_manager_t *this, TNC_IMVID id) { enumerator_t *enumerator; - imv_t *imv; + imv_t *imv, *removed_imv = NULL; enumerator = this->imvs->create_enumerator(this->imvs); while (enumerator->enumerate(enumerator, &imv)) @@ -92,11 +92,34 @@ METHOD(imv_manager_t, remove_, imv_t*, if (id == imv->get_id(imv)) { this->imvs->remove_at(this->imvs, enumerator); - return imv; + removed_imv = imv; + break; + } + } + enumerator->destroy(enumerator); + + return removed_imv; +} + +METHOD(imv_manager_t, is_registered, bool, + private_tnc_imv_manager_t *this, TNC_IMVID id) +{ + enumerator_t *enumerator; + imv_t *imv; + bool found = FALSE; + + enumerator = this->imvs->create_enumerator(this->imvs); + while (enumerator->enumerate(enumerator, &imv)) + { + if (id == imv->get_id(imv)) + { + found = TRUE; + break; } } enumerator->destroy(enumerator); - return NULL; + + return found; } METHOD(imv_manager_t, get_recommendation_policy, recommendation_policy_t, 
@@ -112,36 +135,56 @@ METHOD(imv_manager_t, create_recommendations, recommendations_t*, } METHOD(imv_manager_t, enforce_recommendation, bool, - private_tnc_imv_manager_t *this, TNC_IMV_Action_Recommendation rec) + private_tnc_imv_manager_t *this, TNC_IMV_Action_Recommendation rec, + TNC_IMV_Evaluation_Result eval) { char *group; identification_t *id; ike_sa_t *ike_sa; auth_cfg_t *auth; + bool no_access = FALSE; + + DBG1(DBG_TNC, "final recommendation is '%N' and evaluation is '%N'", + TNC_IMV_Action_Recommendation_names, rec, + TNC_IMV_Evaluation_Result_names, eval); switch (rec) { case TNC_IMV_ACTION_RECOMMENDATION_ALLOW: - DBG1(DBG_TNC, "TNC recommendation is allow"); group = "allow"; break; case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE: - DBG1(DBG_TNC, "TNC recommendation is isolate"); group = "isolate"; break; case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS: case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION: default: - DBG1(DBG_TNC, "TNC recommendation is none"); - return FALSE; + group = "no access"; + no_access = TRUE; + break; } + ike_sa = charon->bus->get_sa(charon->bus); - if (ike_sa) + if (!ike_sa) + { + DBG1(DBG_TNC, "policy enforcement point did not find IKE_SA"); + return FALSE; + } + + id = ike_sa->get_other_id(ike_sa); + DBG0(DBG_TNC, "policy enforced on peer '%Y' is '%s'", id, group); + + if (no_access) { + return FALSE; + } + else + { auth = ike_sa->get_auth_cfg(ike_sa, FALSE); id = identification_create_from_string(group); auth->add(auth, AUTH_RULE_GROUP, id); - DBG1(DBG_TNC, "TNC added group membership '%s'", group); + DBG1(DBG_TNC, "policy enforcement point added group membership '%s'", + group); } return TRUE; } @@ -208,6 +251,7 @@ METHOD(imv_manager_t, receive_message, void, TNC_UInt32 message_len, TNC_MessageType message_type) { + bool type_supported = FALSE; enumerator_t *enumerator; imv_t *imv; 
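Review bot: `id` does double duty in the rewritten `enforce_recommendation`. It first holds the peer identity returned by `ike_sa->get_other_id(ike_sa)` for the DBG0 line (presumably a borrowed pointer) and is then overwritten with the object from `identification_create_from_string(group)` that is handed to `auth->add()`. Two locals, e.g. `identification_t *peer_id, *group_id;`, would make it obvious which pointer is which in this policy-enforcement path. The `else` after `if (no_access) { return FALSE; }` is redundant and can be dropped. The new `eval` argument is only logged, so a short comment such as `/* decision depends on rec only; eval is logged for audit */` would stop readers from assuming it affects the outcome.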
@@ -216,11 +260,16 @@ METHOD(imv_manager_t, receive_message, void, { if (imv->receive_message && imv->type_supported(imv, message_type)) { + type_supported = TRUE; imv->receive_message(imv->get_id(imv), connection_id, message, message_len, message_type); } } enumerator->destroy(enumerator); + if (!type_supported) + { + DBG2(DBG_TNC, "message type 0x%08x not supported by any IMV", message_type); + } } METHOD(imv_manager_t, batch_ending, void, @@ -271,6 +320,7 @@ imv_manager_t* tnc_imv_manager_create(void) .public = { .add = _add, .remove = _remove_, /* avoid name conflict with stdio.h */ + .is_registered = _is_registered, .get_recommendation_policy = _get_recommendation_policy, .create_recommendations = _create_recommendations, .enforce_recommendation = _enforce_recommendation, diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c b/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c index 24fde3797..45cf95c1b 100644 --- a/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c +++ b/src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c @@ -14,12 +14,6 @@ */ #include "tnc_imv_plugin.h" -<<<<<<< HEAD - -#include <libtnctncs.h> - -#include <daemon.h> -======= #include "tnc_imv_manager.h" #include "tnc_imv.h" @@ -136,6 +130,12 @@ static bool load_imvs(char *filename) } if (!charon->imvs->add(charon->imvs, imv)) { + if (imv->terminate && + imv->terminate(imv->get_id(imv)) != TNC_RESULT_SUCCESS) + { + DBG1(DBG_TNC, "IMV \"%s\" not terminated successfully", + imv->get_name(imv)); + } imv->destroy(imv); return FALSE; } @@ -146,16 +146,17 @@ static bool load_imvs(char *filename) close(fd); return TRUE; } ->>>>>>> upstream/4.5.1 + +METHOD(plugin_t, get_name, char*, + tnc_imv_plugin_t *this) +{ + return "tnc-imv"; +} METHOD(plugin_t, destroy, void, tnc_imv_plugin_t *this) { -<<<<<<< HEAD - libtnc_tncs_Terminate(); -======= charon->imvs->destroy(charon->imvs); ->>>>>>> upstream/4.5.1 free(this); } 
@@ -169,21 +170,14 @@ plugin_t *tnc_imv_plugin_create() INIT(this, .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, ); tnc_config = lib->settings->get_str(lib->settings, "charon.plugins.tnc-imv.tnc_config", "/etc/tnc_config"); -<<<<<<< HEAD - if (libtnc_tncs_Initialize(tnc_config) != TNC_RESULT_SUCCESS) - { - free(this); - DBG1(DBG_TNC, "TNC IMV initialization failed"); - return NULL; - } - -======= /* Create IMV manager */ charon->imvs = tnc_imv_manager_create(); @@ -196,7 +190,6 @@ plugin_t *tnc_imv_plugin_create() free(this); return NULL; } ->>>>>>> upstream/4.5.1 return &this->plugin; } diff --git a/src/libcharon/plugins/tnccs_11/Makefile.am b/src/libcharon/plugins/tnccs_11/Makefile.am index 1a034e25b..1042c3514 100644 --- a/src/libcharon/plugins/tnccs_11/Makefile.am +++ b/src/libcharon/plugins/tnccs_11/Makefile.am @@ -1,31 +1,15 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ -<<<<<<< HEAD - -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \ - `xml2-config --cflags` - -AM_CFLAGS = -rdynamic - -libstrongswan_tnccs_11_la_LIBADD = -ltnc -======= -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls ${xml_CFLAGS} AM_CFLAGS = -rdynamic libstrongswan_tnccs_11_la_LIBADD = ${xml_LIBS} ->>>>>>> upstream/4.5.1 if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnccs-11.la else plugin_LTLIBRARIES = libstrongswan-tnccs-11.la -<<<<<<< HEAD -libstrongswan_tnccs_11_la_LIBADD += $(top_builddir)/src/libtls/libtls.la -endif - -libstrongswan_tnccs_11_la_SOURCES = \ - tnccs_11_plugin.h tnccs_11_plugin.c tnccs_11.h tnccs_11.c -======= endif libstrongswan_tnccs_11_la_SOURCES = \ 
@@ -38,7 +22,6 @@ libstrongswan_tnccs_11_la_SOURCES = \ messages/tnccs_reason_strings_msg.h messages/tnccs_reason_strings_msg.c \ messages/tnccs_recommendation_msg.h messages/tnccs_recommendation_msg.c \ messages/tnccs_tncs_contact_info_msg.h messages/tnccs_tncs_contact_info_msg.c ->>>>>>> upstream/4.5.1 libstrongswan_tnccs_11_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/tnccs_11/Makefile.in b/src/libcharon/plugins/tnccs_11/Makefile.in index a39745773..308dd57ca 100644 --- a/src/libcharon/plugins/tnccs_11/Makefile.in +++ b/src/libcharon/plugins/tnccs_11/Makefile.in @@ -34,10 +34,6 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -<<<<<<< HEAD -@MONOLITHIC_FALSE@am__append_1 = $(top_builddir)/src/libtls/libtls.la -======= ->>>>>>> upstream/4.5.1 subdir = src/libcharon/plugins/tnccs_11 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -78,17 +74,12 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) -<<<<<<< HEAD -libstrongswan_tnccs_11_la_DEPENDENCIES = $(am__append_1) -am_libstrongswan_tnccs_11_la_OBJECTS = tnccs_11_plugin.lo tnccs_11.lo -======= am__DEPENDENCIES_1 = libstrongswan_tnccs_11_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am_libstrongswan_tnccs_11_la_OBJECTS = tnccs_11_plugin.lo tnccs_11.lo \ tnccs_batch.lo tnccs_msg.lo imc_imv_msg.lo tnccs_error_msg.lo \ tnccs_preferred_language_msg.lo tnccs_reason_strings_msg.lo \ tnccs_recommendation_msg.lo tnccs_tncs_contact_info_msg.lo ->>>>>>> upstream/4.5.1 libstrongswan_tnccs_11_la_OBJECTS = \ $(am_libstrongswan_tnccs_11_la_OBJECTS) libstrongswan_tnccs_11_la_LINK = $(LIBTOOL) --tag=CC \ 
@@ -235,13 +226,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,6 +247,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -280,14 +267,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -296,17 +281,6 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ -<<<<<<< HEAD - -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \ - `xml2-config --cflags` - -AM_CFLAGS = -rdynamic -libstrongswan_tnccs_11_la_LIBADD = -ltnc $(am__append_1) -@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnccs-11.la -@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnccs-11.la -libstrongswan_tnccs_11_la_SOURCES = \ - tnccs_11_plugin.h tnccs_11_plugin.c tnccs_11.h tnccs_11.c -======= -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls ${xml_CFLAGS} AM_CFLAGS = -rdynamic 
@@ -323,7 +297,6 @@ libstrongswan_tnccs_11_la_SOURCES = \ messages/tnccs_reason_strings_msg.h messages/tnccs_reason_strings_msg.c \ messages/tnccs_recommendation_msg.h messages/tnccs_recommendation_msg.c \ messages/tnccs_tncs_contact_info_msg.h messages/tnccs_tncs_contact_info_msg.c ->>>>>>> upstream/4.5.1 libstrongswan_tnccs_11_la_LDFLAGS = -module -avoid-version all: all-am @@ -409,10 +382,6 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -<<<<<<< HEAD -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_11.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_11_plugin.Plo@am__quote@ -======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_imv_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_11.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_11_plugin.Plo@am__quote@ @@ -423,7 +392,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_reason_strings_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_recommendation_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_tncs_contact_info_msg.Plo@am__quote@ ->>>>>>> upstream/4.5.1 .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -446,8 +414,6 @@ distclean-compile: @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -<<<<<<< HEAD -======= tnccs_batch.lo: batch/tnccs_batch.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tnccs_batch.lo -MD -MP -MF $(DEPDIR)/tnccs_batch.Tpo -c -o tnccs_batch.lo `test -f 'batch/tnccs_batch.c' || echo '$(srcdir)/'`batch/tnccs_batch.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tnccs_batch.Tpo $(DEPDIR)/tnccs_batch.Plo 
@@ -504,7 +470,6 @@ tnccs_tncs_contact_info_msg.lo: messages/tnccs_tncs_contact_info_msg.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tnccs_tncs_contact_info_msg.lo `test -f 'messages/tnccs_tncs_contact_info_msg.c' || echo '$(srcdir)/'`messages/tnccs_tncs_contact_info_msg.c ->>>>>>> upstream/4.5.1 mostlyclean-libtool: -rm -f *.lo diff --git a/src/libcharon/plugins/tnccs_11/tnccs_11.c b/src/libcharon/plugins/tnccs_11/tnccs_11.c index 012a3ce6e..86f1c269f 100644 --- a/src/libcharon/plugins/tnccs_11/tnccs_11.c +++ b/src/libcharon/plugins/tnccs_11/tnccs_11.c 
@@ -14,83 +14,6 @@ */ #include "tnccs_11.h" -<<<<<<< HEAD - -#include <libtnctncc.h> -#include <libtnctncs.h> - -#include <daemon.h> -#include <debug.h> - -#define TNC_SEND_BUFFER_SIZE 32 - -static chunk_t tnc_send_buffer[TNC_SEND_BUFFER_SIZE]; - -/** - * Buffers TNCCS batch to be sent (TODO make the buffer scalable) - */ -static TNC_Result buffer_batch(u_int32_t id, const char *data, size_t len) -{ - if (id >= TNC_SEND_BUFFER_SIZE) - { - DBG1(DBG_TNC, "TNCCS Batch for Connection ID %u cannot be stored in " - "send buffer with size %d", id, TNC_SEND_BUFFER_SIZE); - return TNC_RESULT_FATAL; - } - if (tnc_send_buffer[id].ptr) - { - DBG1(DBG_TNC, "send buffer slot for Connection ID %u is already " - "occupied", id); - return TNC_RESULT_FATAL; - } - tnc_send_buffer[id] = chunk_alloc(len); - memcpy(tnc_send_buffer[id].ptr, data, len); - - return TNC_RESULT_SUCCESS; -} - -/** - * Retrieves TNCCS batch to be sent - */ -static bool retrieve_batch(u_int32_t id, chunk_t *batch) -{ - if (id >= TNC_SEND_BUFFER_SIZE) - { - DBG1(DBG_TNC, "TNCCS Batch for Connection ID %u cannot be retrieved from " - "send buffer with size %d", id, TNC_SEND_BUFFER_SIZE); - return FALSE; - } - - *batch = tnc_send_buffer[id]; - return TRUE; -} - -/** - * Frees TNCCS batch that was sent - */ -static void free_batch(u_int32_t id) -{ - if (id < TNC_SEND_BUFFER_SIZE) - { - chunk_free(&tnc_send_buffer[id]); - } -} - -/** - * Define callback functions called by the libtnc library - */ -TNC_Result TNC_TNCC_SendBatch(libtnc_tncc_connection* conn, - const char* messageBuffer, size_t messageLength) -{ - return buffer_batch(conn->connectionID, messageBuffer, messageLength); -} - -TNC_Result TNC_TNCS_SendBatch(libtnc_tncs_connection* conn, - const char* messageBuffer, size_t messageLength) -{ - return buffer_batch(conn->connectionID, messageBuffer, messageLength); -} -======= #include "batch/tnccs_batch.h" #include "messages/tnccs_msg.h" #include "messages/imc_imv_msg.h" 
@@ -105,7 +28,6 @@ TNC_Result TNC_TNCS_SendBatch(libtnc_tncs_connection* conn, #include <tnc/tncif.h> #include <tnc/tncifimv.h> #include <tnc/tnccs/tnccs.h> ->>>>>>> upstream/4.5.1 typedef struct private_tnccs_11_t private_tnccs_11_t; 
@@ -125,118 +47,6 @@ struct private_tnccs_11_t { bool is_server; /** -<<<<<<< HEAD - * TNCC Connection to IMCs - */ - libtnc_tncc_connection* tncc_connection; - - /** - * TNCS Connection to IMVs - */ - libtnc_tncs_connection* tncs_connection; -}; - -METHOD(tls_t, process, status_t, - private_tnccs_11_t *this, void *buf, size_t buflen) -{ - u_int32_t conn_id; - - if (this->is_server && !this->tncs_connection) - { - this->tncs_connection = libtnc_tncs_CreateConnection(NULL); - if (!this->tncs_connection) - { - DBG1(DBG_TNC, "TNCS CreateConnection failed"); - return FAILED; - } - DBG1(DBG_TNC, "assigned TNCS Connection ID %u", - this->tncs_connection->connectionID); - if (libtnc_tncs_BeginSession(this->tncs_connection) != TNC_RESULT_SUCCESS) - { - DBG1(DBG_TNC, "TNCS BeginSession failed"); - return FAILED; - } - } - conn_id = this->is_server ? this->tncs_connection->connectionID - : this->tncc_connection->connectionID; - - DBG1(DBG_TNC, "received TNCCS Batch (%u bytes) for Connection ID %u", - buflen, conn_id); - DBG3(DBG_TNC, "%.*s", buflen, buf); - - if (this->is_server) - { - if (libtnc_tncs_ReceiveBatch(this->tncs_connection, buf, buflen) != - TNC_RESULT_SUCCESS) - { - DBG1(DBG_TNC, "TNCS ReceiveBatch failed"); - return FAILED; - } - } - else - { - if (libtnc_tncc_ReceiveBatch(this->tncc_connection, buf, buflen) != - TNC_RESULT_SUCCESS) - { - DBG1(DBG_TNC, "TNCC ReceiveBatch failed"); - return FAILED; - } - } - return NEED_MORE; -} - -METHOD(tls_t, build, status_t, - private_tnccs_11_t *this, void *buf, size_t *buflen, size_t *msglen) -{ - chunk_t batch; - u_int32_t conn_id; - size_t len; - - if (!this->is_server && !this->tncc_connection) - { - this->tncc_connection = libtnc_tncc_CreateConnection(NULL); - if (!this->tncc_connection) - { - DBG1(DBG_TNC, "TNCC CreateConnection failed"); - return FAILED; - } - DBG1(DBG_TNC, "assigned TNCC Connection ID %u", - this->tncc_connection->connectionID); - if (libtnc_tncc_BeginSession(this->tncc_connection) != 
TNC_RESULT_SUCCESS) - { - DBG1(DBG_TNC, "TNCC BeginSession failed"); - return FAILED; - } - } - conn_id = this->is_server ? this->tncs_connection->connectionID - : this->tncc_connection->connectionID; - - if (!retrieve_batch(conn_id, &batch)) - { - return FAILED; - } - len = *buflen; - len = min(len, batch.len); - *buflen = len; - if (msglen) - { - *msglen = batch.len; - } - - if (batch.len) - { - DBG1(DBG_TNC, "sending TNCCS Batch (%d bytes) for Connection ID %u", - batch.len, conn_id); - DBG3(DBG_TNC, "%.*s", batch.len, batch.ptr); - memcpy(buf, batch.ptr, len); - free_batch(conn_id); - return ALREADY_DONE; - } - else - { - return INVALID_STATE; - } -======= * Connection ID assigned to this TNCCS connection */ TNC_ConnectionID connection_id; @@ -267,6 +77,11 @@ METHOD(tls_t, build, status_t, bool delete_state; /** + * SendMessage() by IMC/IMV only allowed if flag is set + */ + bool send_msg; + + /** * Flag set by IMC/IMV RequestHandshakeRetry() function */ bool request_handshake_retry; @@ -277,7 +92,7 @@ METHOD(tls_t, build, status_t, recommendations_t *recs; }; -METHOD(tnccs_t, send_msg, void, +METHOD(tnccs_t, send_msg, TNC_Result, private_tnccs_11_t* this, TNC_IMCID imc_id, TNC_IMVID imv_id, TNC_BufferReference msg, TNC_UInt32 msg_len, @@ -285,6 +100,13 @@ METHOD(tnccs_t, send_msg, void, { tnccs_msg_t *tnccs_msg; + if (!this->send_msg) + { + DBG1(DBG_TNC, "%s %u not allowed to call SendMessage()", + this->is_server ? "IMV" : "IMC", + this->is_server ? imv_id : imc_id); + return TNC_RESULT_ILLEGAL_OPERATION; + } tnccs_msg = imc_imv_msg_create(msg_type, chunk_create(msg, msg_len)); /* adding an IMC-IMV Message to TNCCS batch */ @@ -295,6 +117,7 @@ METHOD(tnccs_t, send_msg, void, } this->batch->add_msg(this->batch, tnccs_msg); this->mutex->unlock(this->mutex); + return TNC_RESULT_SUCCESS; } /** 
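Review bot: The new `send_msg` gate is a plain `bool` that send_msg() tests in the `-285,6 +100,13` hunk before the batch mutex is taken (the lock call sits between this hunk and the next, so this is inferred), while build() in the `-559,13 +388,15` hunk sets and clears it ahead of its own `this->mutex->lock()`. The comment there mentions asynchronous IMCs and IMVs, so a SendMessage() call from another thread would race with the toggle and be admitted whenever any callback window is open on this connection. If the flag is meant only as a phase gate for calls made from inside receive_message(), batch_ending() and begin_handshake(), the field comment should say so, e.g. `/* TRUE only while an IMC/IMV callback runs on the processing thread; not a lock */`. Otherwise the flag should be read and written under `this->mutex`. The same pattern is added to tnccs_20.c.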
@@ -316,6 +139,7 @@ static void handle_message(private_tnccs_11_t *this, tnccs_msg_t *msg) DBG2(DBG_TNC, "handling IMC_IMV message type 0x%08x", msg_type); + this->send_msg = TRUE; if (this->is_server) { charon->imvs->receive_message(charon->imvs, @@ -326,6 +150,7 @@ static void handle_message(private_tnccs_11_t *this, tnccs_msg_t *msg) charon->imcs->receive_message(charon->imcs, this->connection_id, msg_body.ptr, msg_body.len,msg_type); } + this->send_msg = FALSE; break; } case TNCCS_MSG_RECOMMENDATION: @@ -427,6 +252,8 @@ METHOD(tls_t, process, status_t, } charon->imvs->notify_connection_change(charon->imvs, this->connection_id, TNC_CONNECTION_STATE_CREATE); + charon->imvs->notify_connection_change(charon->imvs, + this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE); } data = chunk_create(buf, buflen); @@ -474,6 +301,7 @@ METHOD(tls_t, process, status_t, return FAILED; } + this->send_msg = TRUE; if (this->is_server) { charon->imvs->batch_ending(charon->imvs, this->connection_id); @@ -482,6 +310,7 @@ METHOD(tls_t, process, status_t, { charon->imcs->batch_ending(charon->imcs, this->connection_id); } + this->send_msg = FALSE; } batch->destroy(batch); @@ -559,13 +388,15 @@ METHOD(tls_t, build, status_t, this->connection_id, TNC_CONNECTION_STATE_CREATE); charon->imcs->notify_connection_change(charon->imcs, this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE); + this->send_msg = TRUE; charon->imcs->begin_handshake(charon->imcs, this->connection_id); + this->send_msg = FALSE; } /* Do not allow any asynchronous IMCs or IMVs to add additional messages */ this->mutex->lock(this->mutex); - if (this->is_server && !this->delete_state && + if (this->recs && !this->delete_state && (!this->batch || this->fatal_error)) { check_and_build_recommendation(this); @@ -603,7 +434,6 @@ METHOD(tls_t, build, status_t, this->mutex->unlock(this->mutex); return status; ->>>>>>> upstream/4.5.1 } METHOD(tls_t, is_server, bool, 
@@ -623,50 +453,10 @@ METHOD(tls_t, is_complete, bool, { TNC_IMV_Action_Recommendation rec; TNC_IMV_Evaluation_Result eval; -<<<<<<< HEAD - char *group; - identification_t *id; - ike_sa_t *ike_sa; - auth_cfg_t *auth; - - if (libtnc_tncs_HaveRecommendation(this->tncs_connection, &rec, &eval) == - TNC_RESULT_SUCCESS) - { - switch (rec) - { - case TNC_IMV_ACTION_RECOMMENDATION_ALLOW: - DBG1(DBG_TNC, "TNC recommendation is allow"); - group = "allow"; - break; - case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE: - DBG1(DBG_TNC, "TNC recommendation is isolate"); - group = "isolate"; - break; - case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS: - case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION: - default: - DBG1(DBG_TNC, "TNC recommendation is none"); - return FALSE; - } - ike_sa = charon->bus->get_sa(charon->bus); - if (ike_sa) - { - auth = ike_sa->get_auth_cfg(ike_sa, FALSE); - id = identification_create_from_string(group); - auth->add(auth, AUTH_RULE_GROUP, id); - DBG1(DBG_TNC, "added group membership '%s' based on TNC recommendation", group); - } - return TRUE; -======= if (this->recs && this->recs->have_recommendation(this->recs, &rec, &eval)) { - DBG2(DBG_TNC, "Final recommendation is '%N' and evaluation is '%N'", - TNC_IMV_Action_Recommendation_names, rec, - TNC_IMV_Evaluation_Result_names, eval); - - return charon->imvs->enforce_recommendation(charon->imvs, rec); ->>>>>>> upstream/4.5.1 + return charon->imvs->enforce_recommendation(charon->imvs, rec, eval); } else { 
@@ -683,35 +473,10 @@ METHOD(tls_t, get_eap_msk, chunk_t, METHOD(tls_t, destroy, void, private_tnccs_11_t *this) { - if (this->is_server) - { -<<<<<<< HEAD - if (this->tncs_connection) - { - libtnc_tncs_DeleteConnection(this->tncs_connection); - } - } - else - { - if (this->tncc_connection) - { - libtnc_tncc_DeleteConnection(this->tncc_connection); - } - libtnc_tncc_Terminate(); - } -======= - charon->imvs->notify_connection_change(charon->imvs, - this->connection_id, TNC_CONNECTION_STATE_DELETE); - } - else - { - charon->imcs->notify_connection_change(charon->imcs, - this->connection_id, TNC_CONNECTION_STATE_DELETE); - } - charon->tnccs->remove_connection(charon->tnccs, this->connection_id); + charon->tnccs->remove_connection(charon->tnccs, this->connection_id, + this->is_server); this->mutex->destroy(this->mutex); DESTROY_IF(this->batch); ->>>>>>> upstream/4.5.1 free(this); } @@ -733,10 +498,7 @@ tls_t *tnccs_11_create(bool is_server) .destroy = _destroy, }, .is_server = is_server, -<<<<<<< HEAD -======= .mutex = mutex_create(MUTEX_TYPE_DEFAULT), ->>>>>>> upstream/4.5.1 ); return &this->public; diff --git a/src/libcharon/plugins/tnccs_11/tnccs_11_plugin.c b/src/libcharon/plugins/tnccs_11/tnccs_11_plugin.c index 03905ca37..9ec91f006 100644 --- a/src/libcharon/plugins/tnccs_11/tnccs_11_plugin.c +++ b/src/libcharon/plugins/tnccs_11/tnccs_11_plugin.c @@ -18,6 +18,12 @@ #include <daemon.h> +METHOD(plugin_t, get_name, char*, + tnccs_11_plugin_t *this) +{ + return "tnccs-11"; +} + METHOD(plugin_t, destroy, void, tnccs_11_plugin_t *this) { @@ -35,11 +41,13 @@ plugin_t *tnccs_11_plugin_create() INIT(this, .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, ); - charon->tnccs->add_method(charon->tnccs, TNCCS_1_1, + charon->tnccs->add_method(charon->tnccs, TNCCS_1_1, (tnccs_constructor_t)tnccs_11_create); return &this->plugin; 
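Review bot: Assigning `return_false` to `.reload` through a `(void*)` cast in tnccs_11_plugin_create() discards the function's type, so the compiler can no longer flag a mismatch between the helper and the `reload` member. ISO C also does not define conversion between object and function pointers. A cast to the member's own function-pointer type keeps the intent checkable, e.g. `.reload = (bool(*)(plugin_t*))return_false,` if that is how `reload` is declared (its declaration is not in this diff). The same line is added in the tnccs_20, tnccs_dynamic, uci and unit_tester plugin hunks.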
diff --git a/src/libcharon/plugins/tnccs_20/Makefile.am b/src/libcharon/plugins/tnccs_20/Makefile.am index 14f02a682..d72fd3e34 100644 --- a/src/libcharon/plugins/tnccs_20/Makefile.am +++ b/src/libcharon/plugins/tnccs_20/Makefile.am @@ -1,33 +1,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ -<<<<<<< HEAD - -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \ - `xml2-config --cflags` - -AM_CFLAGS = -rdynamic - -libstrongswan_tnccs_20_la_LIBADD = -ltnc - -======= -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls AM_CFLAGS = -rdynamic ->>>>>>> upstream/4.5.1 if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnccs-20.la else plugin_LTLIBRARIES = libstrongswan-tnccs-20.la -<<<<<<< HEAD -libstrongswan_tnccs_20_la_LIBADD += $(top_builddir)/src/libtls/libtls.la -endif - -libstrongswan_tnccs_20_la_SOURCES = \ - tnccs_20_plugin.h tnccs_20_plugin.c tnccs_20.h tnccs_20.c - -libstrongswan_tnccs_20_la_LDFLAGS = -module -avoid-version - -======= libstrongswan_tnccs_20_la_LIBADD = $(top_builddir)/src/libtls/libtls.la endif @@ -46,4 +26,3 @@ libstrongswan_tnccs_20_la_SOURCES = \ state_machine/pb_tnc_state_machine.h state_machine/pb_tnc_state_machine.c libstrongswan_tnccs_20_la_LDFLAGS = -module -avoid-version ->>>>>>> upstream/4.5.1 diff --git a/src/libcharon/plugins/tnccs_20/Makefile.in b/src/libcharon/plugins/tnccs_20/Makefile.in index bb0c419f4..bbfcc2760 100644 --- a/src/libcharon/plugins/tnccs_20/Makefile.in +++ b/src/libcharon/plugins/tnccs_20/Makefile.in @@ -34,10 +34,6 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -<<<<<<< HEAD -@MONOLITHIC_FALSE@am__append_1 = $(top_builddir)/src/libtls/libtls.la -======= ->>>>>>> upstream/4.5.1 subdir = src/libcharon/plugins/tnccs_20 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 
@@ -78,10 +74,6 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) -<<<<<<< HEAD -libstrongswan_tnccs_20_la_DEPENDENCIES = $(am__append_1) -am_libstrongswan_tnccs_20_la_OBJECTS = tnccs_20_plugin.lo tnccs_20.lo -======= @MONOLITHIC_FALSE@libstrongswan_tnccs_20_la_DEPENDENCIES = \ @MONOLITHIC_FALSE@ $(top_builddir)/src/libtls/libtls.la am_libstrongswan_tnccs_20_la_OBJECTS = tnccs_20_plugin.lo tnccs_20.lo \ @@ -90,7 +82,6 @@ am_libstrongswan_tnccs_20_la_OBJECTS = tnccs_20_plugin.lo tnccs_20.lo \ pb_access_recommendation_msg.lo pb_error_msg.lo \ pb_language_preference_msg.lo pb_reason_string_msg.lo \ pb_remediation_parameters_msg.lo pb_tnc_state_machine.lo ->>>>>>> upstream/4.5.1 libstrongswan_tnccs_20_la_OBJECTS = \ $(am_libstrongswan_tnccs_20_la_OBJECTS) libstrongswan_tnccs_20_la_LINK = $(LIBTOOL) --tag=CC \ @@ -237,13 +228,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -264,6 +249,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -282,14 +269,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -298,17 +283,6 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ -<<<<<<< HEAD - -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \ - `xml2-config --cflags` - -AM_CFLAGS = -rdynamic -libstrongswan_tnccs_20_la_LIBADD = -ltnc $(am__append_1) -@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnccs-20.la -@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnccs-20.la -libstrongswan_tnccs_20_la_SOURCES = \ - tnccs_20_plugin.h tnccs_20_plugin.c tnccs_20.h tnccs_20.c -======= -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls AM_CFLAGS = -rdynamic @@ -328,7 +302,6 @@ libstrongswan_tnccs_20_la_SOURCES = \ messages/pb_reason_string_msg.h messages/pb_reason_string_msg.c \ messages/pb_remediation_parameters_msg.h messages/pb_remediation_parameters_msg.c \ state_machine/pb_tnc_state_machine.h state_machine/pb_tnc_state_machine.c ->>>>>>> upstream/4.5.1 libstrongswan_tnccs_20_la_LDFLAGS = -module -avoid-version all: all-am @@ -414,8 +387,6 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -<<<<<<< HEAD -======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_access_recommendation_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_assessment_result_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_error_msg.Plo@am__quote@ 
@@ -427,7 +398,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_tnc_batch.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_tnc_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pb_tnc_state_machine.Plo@am__quote@ ->>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_20.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tnccs_20_plugin.Plo@am__quote@ @@ -452,8 +422,6 @@ distclean-compile: @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -<<<<<<< HEAD -======= pb_tnc_batch.lo: batch/pb_tnc_batch.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pb_tnc_batch.lo -MD -MP -MF $(DEPDIR)/pb_tnc_batch.Tpo -c -o pb_tnc_batch.lo `test -f 'batch/pb_tnc_batch.c' || echo '$(srcdir)/'`batch/pb_tnc_batch.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pb_tnc_batch.Tpo $(DEPDIR)/pb_tnc_batch.Plo @@ -531,7 +499,6 @@ pb_tnc_state_machine.lo: state_machine/pb_tnc_state_machine.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pb_tnc_state_machine.lo `test -f 'state_machine/pb_tnc_state_machine.c' || echo '$(srcdir)/'`state_machine/pb_tnc_state_machine.c ->>>>>>> upstream/4.5.1 mostlyclean-libtool: -rm -f *.lo diff --git a/src/libcharon/plugins/tnccs_20/state_machine/pb_tnc_state_machine.c b/src/libcharon/plugins/tnccs_20/state_machine/pb_tnc_state_machine.c index a46dc0ab9..f0cf14ac1 100644 --- a/src/libcharon/plugins/tnccs_20/state_machine/pb_tnc_state_machine.c 
+++ b/src/libcharon/plugins/tnccs_20/state_machine/pb_tnc_state_machine.c @@ -107,7 +107,8 @@ METHOD(pb_tnc_state_machine_t, receive_batch, bool, } return FALSE; case PB_STATE_SERVER_WORKING: - if (!this->is_server && type == PB_BATCH_SDATA) + if (!this->is_server && (type == PB_BATCH_SDATA || + type == PB_BATCH_SRETRY)) { this->state = PB_STATE_CLIENT_WORKING; break; @@ -117,8 +118,7 @@ METHOD(pb_tnc_state_machine_t, receive_batch, bool, this->state = PB_STATE_DECIDED; break; } - if ((this->is_server && type == PB_BATCH_CRETRY) || - (!this->is_server && type == PB_BATCH_SRETRY)) + if (this->is_server && type == PB_BATCH_CRETRY) { break; } @@ -198,7 +198,8 @@ METHOD(pb_tnc_state_machine_t, send_batch, bool, } return FALSE; case PB_STATE_SERVER_WORKING: - if (this->is_server && type == PB_BATCH_SDATA) + if (this->is_server && (type == PB_BATCH_SDATA || + type == PB_BATCH_SRETRY)) { this->state = PB_STATE_CLIENT_WORKING; break; @@ -208,7 +209,7 @@ METHOD(pb_tnc_state_machine_t, send_batch, bool, this->state = PB_STATE_DECIDED; break; } - if (this->is_server && type == PB_BATCH_SRETRY) + if (!this->is_server && type == PB_BATCH_CRETRY) { break; } @@ -219,11 +220,16 @@ METHOD(pb_tnc_state_machine_t, send_batch, bool, } return FALSE; case PB_STATE_CLIENT_WORKING: - if (!this->is_server && type == PB_BATCH_CDATA) + if (!this->is_server && (type == PB_BATCH_CDATA || + type == PB_BATCH_CRETRY)) { this->state = PB_STATE_SERVER_WORKING; break; } + if (this->is_server && type == PB_BATCH_SRETRY) + { + break; + } if (type == PB_BATCH_CLOSE) { this->state = PB_STATE_END; diff --git a/src/libcharon/plugins/tnccs_20/tnccs_20.c b/src/libcharon/plugins/tnccs_20/tnccs_20.c index 28cfa2cbc..9e2081d46 100644 --- a/src/libcharon/plugins/tnccs_20/tnccs_20.c +++ b/src/libcharon/plugins/tnccs_20/tnccs_20.c @@ -1,8 +1,5 @@ /* -<<<<<<< HEAD -======= * Copyright (C) 2010 Sansar Choinyanbuu ->>>>>>> upstream/4.5.1 * Copyright (C) 2010 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * 
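Review bot: The new retry transitions in send_batch() have no visible counterpart in receive_batch() for the same state, which risks the two peers' state machines diverging. In the `-219,11 +220,16` hunk a client that sends `PB_BATCH_CRETRY` in `PB_STATE_CLIENT_WORKING` now moves to `PB_STATE_SERVER_WORKING`, and a server sending `PB_BATCH_SRETRY` stays put. The receive_batch() hunk shown covers only `PB_STATE_SERVER_WORKING`, and its `PB_STATE_CLIENT_WORKING` case is outside the diff, so please confirm that a server receiving CRETRY makes the same move. A short comment above each case naming the transition it implements would make later drift easier to spot, e.g. `/* client retry: CLIENT_WORKING -> SERVER_WORKING */`.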
@@ -18,12 +15,6 @@ */ #include "tnccs_20.h" -<<<<<<< HEAD - -#include <debug.h> - -static chunk_t tncc_output; -======= #include "batch/pb_tnc_batch.h" #include "messages/pb_tnc_msg.h" #include "messages/pb_pa_msg.h" @@ -41,7 +32,6 @@ static chunk_t tncc_output; #include <tnc/tncif.h> #include <tnc/tncifimv.h> #include <tnc/tnccs/tnccs.h> ->>>>>>> upstream/4.5.1 typedef struct private_tnccs_20_t private_tnccs_20_t; @@ -59,20 +49,6 @@ struct private_tnccs_20_t { * TNCC if TRUE, TNCS if FALSE */ bool is_server; -<<<<<<< HEAD -}; - -METHOD(tls_t, process, status_t, - private_tnccs_20_t *this, void *buf, size_t buflen) -{ - return NEED_MORE; -} - -METHOD(tls_t, build, status_t, - private_tnccs_20_t *this, void *buf, size_t *buflen, size_t *msglen) -{ - return ALREADY_DONE; -======= /** * PB-TNC State Machine @@ -105,12 +81,17 @@ METHOD(tls_t, build, status_t, bool request_handshake_retry; /** + * SendMessage() by IMC/IMV only allowed if flag is set + */ + bool send_msg; + + /** * Set of IMV recommendations (TNC Server only) */ recommendations_t *recs; }; -METHOD(tnccs_t, send_msg, void, +METHOD(tnccs_t, send_msg, TNC_Result, private_tnccs_20_t* this, TNC_IMCID imc_id, TNC_IMVID imv_id, TNC_BufferReference msg, TNC_UInt32 msg_len, @@ -121,6 +102,14 @@ METHOD(tnccs_t, send_msg, void, pb_tnc_msg_t *pb_tnc_msg; pb_tnc_batch_type_t batch_type; + if (!this->send_msg) + { + DBG1(DBG_TNC, "%s %u not allowed to call SendMessage()", + this->is_server ? "IMV" : "IMC", + this->is_server ? imv_id : imc_id); + return TNC_RESULT_ILLEGAL_OPERATION; + } + msg_sub_type = msg_type & TNC_SUBTYPE_ANY; msg_vendor_id = (msg_type >> 8) & TNC_VENDORID_ANY; @@ -143,6 +132,7 @@ METHOD(tnccs_t, send_msg, void, pb_tnc_msg->destroy(pb_tnc_msg); } this->mutex->unlock(this->mutex); + return TNC_RESULT_SUCCESS; } /** 
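Review bot: send_msg() now returns `TNC_RESULT_SUCCESS` on every path past the new gate, including the branch in the `-143,6 +132,7` hunk that ends in `pb_tnc_msg->destroy(pb_tnc_msg);`. There the message appears to be discarded rather than added to the batch (the branch condition lies outside the hunk). An IMC or IMV that checks the result would then treat a dropped measurement as queued. Consider a local `TNC_Result result = TNC_RESULT_SUCCESS;`, setting `result = TNC_RESULT_ILLEGAL_OPERATION;` next to the destroy call (or whichever failure code fits that case), and `return result;` after the unlock.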
@@ -169,6 +159,7 @@ static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg) DBG2(DBG_TNC, "handling PB-PA message type 0x%08x", msg_type); + this->send_msg = TRUE; if (this->is_server) { charon->imvs->receive_message(charon->imvs, @@ -179,6 +170,7 @@ static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg) charon->imcs->receive_message(charon->imcs, this->connection_id, msg_body.ptr, msg_body.len,msg_type); } + this->send_msg = FALSE; break; } case PB_MSG_ASSESSMENT_RESULT: @@ -313,14 +305,21 @@ static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg) */ static void build_retry_batch(private_tnccs_20_t *this) { + pb_tnc_batch_type_t batch_retry_type; + + batch_retry_type = this->is_server ? PB_BATCH_SRETRY : PB_BATCH_CRETRY; if (this->batch) { + if (this->batch->get_type(this->batch) == batch_retry_type) + { + /* retry batch has already been created */ + return; + } DBG1(DBG_TNC, "cancelling PB-TNC %N batch", pb_tnc_batch_type_names, this->batch->get_type(this->batch)); this->batch->destroy(this->batch); } - this->batch = pb_tnc_batch_create(this->is_server, - this->is_server ? PB_BATCH_SRETRY : PB_BATCH_CRETRY); + this->batch = pb_tnc_batch_create(this->is_server, batch_retry_type); } METHOD(tls_t, process, status_t, @@ -343,6 +342,8 @@ METHOD(tls_t, process, status_t, } charon->imvs->notify_connection_change(charon->imvs, this->connection_id, TNC_CONNECTION_STATE_CREATE); + charon->imvs->notify_connection_change(charon->imvs, + this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE); } data = chunk_create(buf, buflen); @@ -373,7 +374,9 @@ METHOD(tls_t, process, status_t, /* Restart the measurements */ charon->imcs->notify_connection_change(charon->imcs, this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE); + this->send_msg = TRUE; charon->imcs->begin_handshake(charon->imcs, this->connection_id); + this->send_msg = FALSE; } enumerator = batch->create_msg_enumerator(batch); 
@@ -400,6 +403,7 @@ METHOD(tls_t, process, status_t, } } + this->send_msg = TRUE; if (this->is_server) { charon->imvs->batch_ending(charon->imvs, this->connection_id); @@ -408,6 +412,7 @@ METHOD(tls_t, process, status_t, { charon->imcs->batch_ending(charon->imcs, this->connection_id); } + this->send_msg = FALSE; } switch (status) @@ -487,6 +492,7 @@ METHOD(tls_t, build, status_t, private_tnccs_20_t *this, void *buf, size_t *buflen, size_t *msglen) { status_t status; + pb_tnc_state_t state; /* Initialize the connection */ if (!this->is_server && !this->connection_id) @@ -515,11 +521,14 @@ METHOD(tls_t, build, status_t, this->connection_id, TNC_CONNECTION_STATE_CREATE); charon->imcs->notify_connection_change(charon->imcs, this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE); + this->send_msg = TRUE; charon->imcs->begin_handshake(charon->imcs, this->connection_id); + this->send_msg = FALSE; } - if (this->is_server && this->fatal_error && - this->state_machine->get_state(this->state_machine) == PB_STATE_END) + state = this->state_machine->get_state(this->state_machine); + + if (this->is_server && this->fatal_error && state == PB_STATE_END) { DBG1(DBG_TNC, "a fatal PB-TNC error occurred, terminating connection"); return FAILED; @@ -530,7 +539,10 @@ METHOD(tls_t, build, status_t, if (this->request_handshake_retry) { - build_retry_batch(this); + if (state != PB_STATE_INIT) + { + build_retry_batch(this); + } /* Reset the flag for the next handshake retry request */ this->request_handshake_retry = FALSE; @@ -538,9 +550,6 @@ METHOD(tls_t, build, status_t, if (!this->batch) { - pb_tnc_state_t state; - - state = this->state_machine->get_state(this->state_machine); if (this->is_server) { if (state == PB_STATE_SERVER_WORKING) @@ -608,7 +617,6 @@ METHOD(tls_t, build, status_t, this->mutex->unlock(this->mutex); return status; ->>>>>>> upstream/4.5.1 } METHOD(tls_t, is_server, bool, 
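Review bot: In the `-530,7 +539,10` hunk of build(), a handshake retry requested while the state machine is still in `PB_STATE_INIT` is now dropped without a trace: build_retry_batch() is skipped but `request_handshake_retry` is still cleared. That looks intentional, since presumably nothing has been exchanged yet that could be retried, but the reason is not stated and nothing is logged. A comment such as `/* no batch exchanged yet, nothing to retry */` on the new `if (state != PB_STATE_INIT)`, plus a `DBG2` line in the skipped case, would let an operator see why an IMC/IMV retry request had no effect. build() starts and ends outside this hunk.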
@@ -626,25 +634,17 @@ METHOD(tls_t, get_purpose, tls_purpose_t, METHOD(tls_t, is_complete, bool, private_tnccs_20_t *this) { -<<<<<<< HEAD - return FALSE; -======= TNC_IMV_Action_Recommendation rec; TNC_IMV_Evaluation_Result eval; if (this->recs && this->recs->have_recommendation(this->recs, &rec, &eval)) { - DBG2(DBG_TNC, "Final recommendation is '%N' and evaluation is '%N'", - TNC_IMV_Action_Recommendation_names, rec, - TNC_IMV_Evaluation_Result_names, eval); - - return charon->imvs->enforce_recommendation(charon->imvs, rec); + return charon->imvs->enforce_recommendation(charon->imvs, rec, eval); } else { return FALSE; } ->>>>>>> upstream/4.5.1 } METHOD(tls_t, get_eap_msk, chunk_t, @@ -656,23 +656,11 @@ METHOD(tls_t, get_eap_msk, chunk_t, METHOD(tls_t, destroy, void, private_tnccs_20_t *this) { -<<<<<<< HEAD -======= - if (this->is_server) - { - charon->imvs->notify_connection_change(charon->imvs, - this->connection_id, TNC_CONNECTION_STATE_DELETE); - } - else - { - charon->imcs->notify_connection_change(charon->imcs, - this->connection_id, TNC_CONNECTION_STATE_DELETE); - } - charon->tnccs->remove_connection(charon->tnccs, this->connection_id); + charon->tnccs->remove_connection(charon->tnccs, this->connection_id, + this->is_server); this->state_machine->destroy(this->state_machine); this->mutex->destroy(this->mutex); DESTROY_IF(this->batch); ->>>>>>> upstream/4.5.1 free(this); } @@ -694,11 +682,8 @@ tls_t *tnccs_20_create(bool is_server) .destroy = _destroy, }, .is_server = is_server, -<<<<<<< HEAD -======= .state_machine = pb_tnc_state_machine_create(is_server), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), ->>>>>>> upstream/4.5.1 ); return &this->public; diff --git a/src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c b/src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c index 82c78f74c..e6dc699e6 100644 --- a/src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c +++ b/src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c 
@@ -18,6 +18,12 @@ #include <daemon.h> +METHOD(plugin_t, get_name, char*, + tnccs_20_plugin_t *this) +{ + return "tnccs-20"; +} + METHOD(plugin_t, destroy, void, tnccs_20_plugin_t *this) { @@ -35,11 +41,13 @@ plugin_t *tnccs_20_plugin_create() INIT(this, .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, ); - charon->tnccs->add_method(charon->tnccs, TNCCS_2_0, + charon->tnccs->add_method(charon->tnccs, TNCCS_2_0, (tnccs_constructor_t)tnccs_20_create); return &this->plugin; diff --git a/src/libcharon/plugins/tnccs_dynamic/Makefile.in b/src/libcharon/plugins/tnccs_dynamic/Makefile.in index 722da2830..dda1472db 100644 --- a/src/libcharon/plugins/tnccs_dynamic/Makefile.in +++ b/src/libcharon/plugins/tnccs_dynamic/Makefile.in @@ -245,6 +245,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,6 +270,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic_plugin.c b/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic_plugin.c index dbbf222e0..089a3ed57 100644 --- a/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic_plugin.c +++ b/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic_plugin.c @@ -18,6 +18,12 @@ #include <daemon.h> +METHOD(plugin_t, get_name, char*, + tnccs_dynamic_plugin_t *this) +{ + return "tnccs-dynamic"; +} + METHOD(plugin_t, destroy, void, tnccs_dynamic_plugin_t *this) { 
@@ -35,11 +41,13 @@ plugin_t *tnccs_dynamic_plugin_create() INIT(this, .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, ); - charon->tnccs->add_method(charon->tnccs, TNCCS_DYNAMIC, + charon->tnccs->add_method(charon->tnccs, TNCCS_DYNAMIC, (tnccs_constructor_t)tnccs_dynamic_create); return &this->plugin; diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in index ca2522e46..013ceb7da 100644 --- a/src/libcharon/plugins/uci/Makefile.in +++ b/src/libcharon/plugins/uci/Makefile.in @@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c index 9032d8353..4e43388ec 100644 --- a/src/libcharon/plugins/uci/uci_config.c +++ b/src/libcharon/plugins/uci/uci_config.c 
@@ -196,13 +196,8 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE); child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, -<<<<<<< HEAD - ACTION_NONE, ACTION_NONE, FALSE, 0, 0, - NULL, NULL); -======= ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); ->>>>>>> upstream/4.5.1 child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net)); diff --git a/src/libcharon/plugins/uci/uci_plugin.c b/src/libcharon/plugins/uci/uci_plugin.c index 4790ef4e7..a6d24c32b 100644 --- a/src/libcharon/plugins/uci/uci_plugin.c +++ b/src/libcharon/plugins/uci/uci_plugin.c @@ -58,10 +58,14 @@ struct private_uci_plugin_t { uci_control_t *control; }; -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_uci_plugin_t *this) +METHOD(plugin_t, get_name, char*, + private_uci_plugin_t *this) +{ + return "uci"; +} + +METHOD(plugin_t, destroy, void, + private_uci_plugin_t *this) { charon->backends->remove_backend(charon->backends, &this->config->backend); lib->credmgr->remove_set(lib->credmgr, &this->creds->credential_set); 
@@ -77,14 +81,22 @@ static void destroy(private_uci_plugin_t *this) */ plugin_t *uci_plugin_create() { - private_uci_plugin_t *this = malloc_thing(private_uci_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + private_uci_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + .parser = uci_parser_create(UCI_PACKAGE), + .config = uci_config_create(this->parser), + .creds = uci_creds_create(this->parser), + .control = uci_control_create(), + ); - this->parser = uci_parser_create(UCI_PACKAGE); - this->config = uci_config_create(this->parser); - this->creds = uci_creds_create(this->parser); - this->control = uci_control_create(); charon->backends->add_backend(charon->backends, &this->config->backend); lib->credmgr->add_set(lib->credmgr, &this->creds->credential_set); diff --git a/src/libcharon/plugins/unit_tester/Makefile.in b/src/libcharon/plugins/unit_tester/Makefile.in index c2f8f43fb..2fee3da82 100644 --- a/src/libcharon/plugins/unit_tester/Makefile.in +++ b/src/libcharon/plugins/unit_tester/Makefile.in @@ -226,13 +226,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -253,6 +247,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
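Review bot: `.config = uci_config_create(this->parser)` and `.creds = uci_creds_create(this->parser)` read `this->parser` from inside the same initializer list that sets `.parser`. INIT's definition is not part of this diff, but if it allocates the object and then assigns a compound literal built from these initializers, `this->parser` is still uninitialized heap memory when both calls run. C also leaves the evaluation order of the initializer expressions indeterminate. The removed code created the parser first; to keep that order, leave `.config` and `.creds` out of INIT and add `this->config = uci_config_create(this->parser);` and `this->creds = uci_creds_create(this->parser);` after it.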
@@ -271,14 +267,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/unit_tester/unit_tester.c b/src/libcharon/plugins/unit_tester/unit_tester.c index 5f6f94e03..ad7dba7a5 100644 --- a/src/libcharon/plugins/unit_tester/unit_tester.c +++ b/src/libcharon/plugins/unit_tester/unit_tester.c @@ -92,10 +92,14 @@ static void run_tests(private_unit_tester_t *this) success, run, failed, skipped); } -/** - * Implementation of 2007_t.destroy - */ -static void destroy(private_unit_tester_t *this) +METHOD(plugin_t, get_name, char*, + private_unit_tester_t *this) +{ + return "unit-tester"; +} + +METHOD(plugin_t, destroy, void, + private_unit_tester_t *this) { free(this); } @@ -105,9 +109,17 @@ static void destroy(private_unit_tester_t *this) */ plugin_t *unit_tester_plugin_create() { - private_unit_tester_t *this = malloc_thing(private_unit_tester_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + private_unit_tester_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + ); run_tests(this); diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in index 4b7622e17..49cffe218 100644 --- a/src/libcharon/plugins/updown/Makefile.in +++ b/src/libcharon/plugins/updown/Makefile.in 
@@ -222,13 +222,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -249,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,14 +263,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libcharon/plugins/updown/updown_plugin.c b/src/libcharon/plugins/updown/updown_plugin.c index 9d0591e62..2ce2d3257 100644 --- a/src/libcharon/plugins/updown/updown_plugin.c +++ b/src/libcharon/plugins/updown/updown_plugin.c @@ -36,10 +36,14 @@ struct private_updown_plugin_t { updown_listener_t *listener; }; -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_updown_plugin_t *this) +METHOD(plugin_t, get_name, char*, + private_updown_plugin_t *this) +{ + return "updown"; +} + +METHOD(plugin_t, destroy, void, + private_updown_plugin_t *this) { charon->bus->remove_listener(charon->bus, &this->listener->listener); this->listener->destroy(this->listener); 
@@ -51,11 +55,19 @@ static void destroy(private_updown_plugin_t *this) */ plugin_t *updown_plugin_create() { - private_updown_plugin_t *this = malloc_thing(private_updown_plugin_t); + private_updown_plugin_t *this; - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + .listener = updown_listener_create(), + ); - this->listener = updown_listener_create(); charon->bus->add_listener(charon->bus, &this->listener->listener); return &this->public.plugin; diff --git a/src/libcharon/plugins/whitelist/Makefile.am b/src/libcharon/plugins/whitelist/Makefile.am new file mode 100644 index 000000000..064a759dd --- /dev/null +++ b/src/libcharon/plugins/whitelist/Makefile.am @@ -0,0 +1,21 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic \ + -DIPSEC_PIDDIR=\"${piddir}\" + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-whitelist.la +else +plugin_LTLIBRARIES = libstrongswan-whitelist.la +endif + +libstrongswan_whitelist_la_SOURCES = whitelist_plugin.h whitelist_plugin.c \ + whitelist_listener.h whitelist_listener.c whitelist_msg.h \ + whitelist_control.h whitelist_control.c + +libstrongswan_whitelist_la_LDFLAGS = -module -avoid-version + +ipsec_PROGRAMS = whitelist +whitelist_SOURCES = whitelist.c diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in new file mode 100644 index 000000000..37ae5f9c3 --- /dev/null +++ b/src/libcharon/plugins/whitelist/Makefile.in 
@@ -0,0 +1,668 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +ipsec_PROGRAMS = whitelist$(EXEEXT) +subdir = src/libcharon/plugins/whitelist +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = 
+CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(ipsecdir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_whitelist_la_LIBADD = +am_libstrongswan_whitelist_la_OBJECTS = whitelist_plugin.lo \ + whitelist_listener.lo whitelist_control.lo +libstrongswan_whitelist_la_OBJECTS = \ + $(am_libstrongswan_whitelist_la_OBJECTS) +libstrongswan_whitelist_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_whitelist_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_whitelist_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_whitelist_la_rpath = +PROGRAMS = $(ipsec_PROGRAMS) +am_whitelist_OBJECTS = whitelist.$(OBJEXT) +whitelist_OBJECTS = $(am_whitelist_OBJECTS) +whitelist_LDADD = $(LDADD) +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_whitelist_la_SOURCES) $(whitelist_SOURCES) +DIST_SOURCES = $(libstrongswan_whitelist_la_SOURCES) \ + $(whitelist_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL 
= @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ 
+openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic \ + -DIPSEC_PIDDIR=\"${piddir}\" + +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-whitelist.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-whitelist.la +libstrongswan_whitelist_la_SOURCES = whitelist_plugin.h whitelist_plugin.c \ + whitelist_listener.h whitelist_listener.c whitelist_msg.h \ + whitelist_control.h whitelist_control.c + +libstrongswan_whitelist_la_LDFLAGS = -module -avoid-version +whitelist_SOURCES = whitelist.c +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + 
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/whitelist/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/whitelist/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; 
\ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-whitelist.la: $(libstrongswan_whitelist_la_OBJECTS) $(libstrongswan_whitelist_la_DEPENDENCIES) + $(libstrongswan_whitelist_la_LINK) $(am_libstrongswan_whitelist_la_rpath) $(libstrongswan_whitelist_la_OBJECTS) $(libstrongswan_whitelist_la_LIBADD) $(LIBS) +install-ipsecPROGRAMS: $(ipsec_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) 
$$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-ipsecPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files + +clean-ipsecPROGRAMS: + @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +whitelist$(EXEEXT): $(whitelist_OBJECTS) $(whitelist_DEPENDENCIES) + @rm -f whitelist$(EXEEXT) + $(LINK) $(whitelist_OBJECTS) $(whitelist_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/whitelist.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/whitelist_control.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/whitelist_listener.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/whitelist_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) 
$(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z 
"$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) +installdirs: + for dir in "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(ipsecdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+clean: clean-am + +clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \ + clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-ipsecPROGRAMS install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-ipsecPROGRAMS clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES ctags distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-ipsecPROGRAMS install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am 
uninstall-ipsecPROGRAMS \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/whitelist/whitelist.c b/src/libcharon/plugins/whitelist/whitelist.c new file mode 100644 index 000000000..5f511f2c5 --- /dev/null +++ b/src/libcharon/plugins/whitelist/whitelist.c 
@@ -0,0 +1,190 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "whitelist_msg.h" + +#include <sys/socket.h> +#include <sys/un.h> +#include <unistd.h> +#include <stddef.h> +#include <stdio.h> +#include <errno.h> + +/** + * Connect to the daemon, return FD + */ +static int make_connection() +{ + struct sockaddr_un addr; + int fd; + + addr.sun_family = AF_UNIX; + strcpy(addr.sun_path, WHITELIST_SOCKET); + + fd = socket(AF_UNIX, SOCK_SEQPACKET, 0); + if (fd < 0) + { + fprintf(stderr, "opening socket failed: %s\n", strerror(errno)); + return -1; + } + if (connect(fd, (struct sockaddr *)&addr, + offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path)) < 0) + { + fprintf(stderr, "connecting to %s failed: %s\n", + WHITELIST_SOCKET, strerror(errno)); + close(fd); + return -1; + } + return fd; +} + +/** + * Send a single message + */ +static int send_msg(int type, char *id) +{ + whitelist_msg_t msg = { + .type = type, + }; + int fd; + + fd = make_connection(); + if (fd == -1) + { + return 2; + } + snprintf(msg.id, sizeof(msg.id), "%s", id); + if (send(fd, &msg, sizeof(msg), 0) != sizeof(msg)) + { + fprintf(stderr, "writing to socket failed: %s\n", strerror(errno)); + close(fd); + return 2; + } + if (type == WHITELIST_LIST) + { + while (recv(fd, &msg, sizeof(msg), 0) == sizeof(msg)) + { + if (msg.type != WHITELIST_LIST) + { + break; + } + printf("%s\n", msg.id); + } + } + 
close(fd); + return 0; +} + +/** + * Send a batch of messages, reading identities from a file + */ +static int send_batch(int type, char *file) +{ + whitelist_msg_t msg = { + .type = type, + }; + FILE *f = stdin; + int fd, len; + + fd = make_connection(); + if (fd == -1) + { + return 2; + } + if (file) + { + f = fopen(file, "r"); + if (f == NULL) + { + fprintf(stderr, "opening %s failed: %s\n", file, strerror(errno)); + close(fd); + return 3; + } + } + while (fgets(msg.id, sizeof(msg.id), f)) + { + len = strlen(msg.id); + if (len == 0) + { + continue; + } + if (msg.id[len-1] == '\n') + { + msg.id[len-1] = '\0'; + } + if (send(fd, &msg, sizeof(msg), 0) != sizeof(msg)) + { + fprintf(stderr, "writing to socket failed: %s\n", strerror(errno)); + if (f != stdin) + { + fclose(f); + } + close(fd); + return 2; + } + } + if (f != stdin) + { + fclose(f); + } + close(fd); + return 0; +} + +int main(int argc, char *argv[]) +{ + if (argc == 3 && strcmp(argv[1], "add") == 0) + { + return send_msg(WHITELIST_ADD, argv[2]); + } + if (argc == 3 && strcmp(argv[1], "remove") == 0) + { + return send_msg(WHITELIST_REMOVE, argv[2]); + } + if ((argc == 2 || argc == 3) && strcmp(argv[1], "add-from") == 0) + { + return send_batch(WHITELIST_ADD, argc == 3 ? argv[2] : NULL); + } + if ((argc == 2 || argc == 3) && strcmp(argv[1], "remove-from") == 0) + { + return send_batch(WHITELIST_REMOVE, argc == 3 ? argv[2] : NULL); + } + if ((argc == 2 || argc == 3) && strcmp(argv[1], "flush") == 0) + { + return send_msg(WHITELIST_FLUSH, argc == 3 ? argv[2] : "%any"); + } + if ((argc == 2 || argc == 3) && strcmp(argv[1], "list") == 0) + { + return send_msg(WHITELIST_LIST, argc == 3 ? 
argv[2] : "%any"); + } + if (argc == 2 && strcmp(argv[1], "enable") == 0) + { + return send_msg(WHITELIST_ENABLE, ""); + } + if (argc == 2 && strcmp(argv[1], "disable") == 0) + { + return send_msg(WHITELIST_DISABLE, ""); + } + fprintf(stderr, "Usage:\n"); + fprintf(stderr, " %s add <identity>\n", argv[0]); + fprintf(stderr, " %s remove <identity>\n", argv[0]); + fprintf(stderr, " %s add-from <file>\n", argv[0]); + fprintf(stderr, " %s remove-from <file>\n", argv[0]); + fprintf(stderr, " %s flush [<pattern>]\n", argv[0]); + fprintf(stderr, " %s list [<pattern>]\n", argv[0]); + fprintf(stderr, " %s enable\n", argv[0]); + fprintf(stderr, " %s disable\n", argv[0]); + return 1; +} diff --git a/src/libcharon/plugins/whitelist/whitelist_control.c b/src/libcharon/plugins/whitelist/whitelist_control.c new file mode 100644 index 000000000..4a1fc5d87 --- /dev/null +++ b/src/libcharon/plugins/whitelist/whitelist_control.c 
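Review bot: send_batch() in whitelist.c treats every fgets() chunk as one identity, so a line longer than `msg.id` is silently split and its tail is sent as a second, unintended whitelist entry; a blank line is also sent as an empty identity because the `len == 0` test runs before the newline is stripped. For a tool that feeds an access-control list, both cases should be rejected or skipped rather than forwarded; how the daemon interprets an empty identity is not visible here. send_msg() has the related problem that `snprintf(msg.id, ...)` truncates an over-long argument without reporting it. The file also calls strcpy/strlen/strcmp/strerror without including `<string.h>`, unless whitelist_msg.h provides it. A possible loop body for send_batch() follows.

```c
	while (fgets(msg.id, sizeof(msg.id), f))
	{
		len = strlen(msg.id);
		if (len > 0 && msg.id[len-1] == '\n')
		{
			msg.id[--len] = '\0';
		}
		else if (!feof(f))
		{	/* line did not fit into msg.id: refuse it instead of splitting it */
			fprintf(stderr, "identity too long, aborting\n");
			if (f != stdin)
			{
				fclose(f);
			}
			close(fd);
			return 3;
		}
		if (len == 0)
		{	/* blank line, nothing to send */
			continue;
		}
		/* ... unchanged: send() of msg and its error path ... */
	}
```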
@@ -0,0 +1,233 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "whitelist_control.h" + +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/socket.h> +#include <sys/un.h> +#include <unistd.h> +#include <errno.h> + +#include <daemon.h> +#include <threading/thread.h> +#include <processing/jobs/callback_job.h> + +#include "whitelist_msg.h" + +typedef struct private_whitelist_control_t private_whitelist_control_t; + +/** + * Private data of an whitelist_control_t object. + */ +struct private_whitelist_control_t { + + /** + * Public whitelist_control_t interface. 
+ */ + whitelist_control_t public; + + /** + * Whitelist + */ + whitelist_listener_t *listener; + + /** + * Whitelist unix socket file descriptor + */ + int socket; + + /** + * Callback job dispatching commands + */ + callback_job_t *job; +}; + +/** + * Open whitelist unix socket + */ +static bool open_socket(private_whitelist_control_t *this) +{ + struct sockaddr_un addr; + mode_t old; + + addr.sun_family = AF_UNIX; + strcpy(addr.sun_path, WHITELIST_SOCKET); + + this->socket = socket(AF_UNIX, SOCK_SEQPACKET, 0); + if (this->socket == -1) + { + DBG1(DBG_CFG, "creating whitelist socket failed"); + return FALSE; + } + unlink(addr.sun_path); + old = umask(~(S_IRWXU | S_IRWXG)); + if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr)) < 0) + { + DBG1(DBG_CFG, "binding whitelist socket failed: %s", strerror(errno)); + close(this->socket); + return FALSE; + } + umask(old); + if (chown(addr.sun_path, charon->uid, charon->gid) != 0) + { + DBG1(DBG_CFG, "changing whitelist socket permissions failed: %s", + strerror(errno)); + } + if (listen(this->socket, 10) < 0) + { + DBG1(DBG_CFG, "listening on whitelist socket failed: %s", strerror(errno)); + close(this->socket); + unlink(addr.sun_path); + return FALSE; + } + return TRUE; +} + +/** + * Dispatch a received message + */ +static void dispatch(private_whitelist_control_t *this, + int fd, whitelist_msg_t *msg) +{ + identification_t *id, *current; + enumerator_t *enumerator; + + msg->id[sizeof(msg->id)-1] = 0; + id = identification_create_from_string(msg->id); + switch (msg->type) + { + case WHITELIST_ADD: + this->listener->add(this->listener, id); + break; + case WHITELIST_REMOVE: + this->listener->remove(this->listener, id); + break; + case WHITELIST_LIST: + enumerator = this->listener->create_enumerator(this->listener); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (current->matches(current, id)) + { + snprintf(msg->id, sizeof(msg->id), "%Y", current); + if (send(fd, msg, sizeof(*msg), 0) != sizeof(*msg)) 
+ { + DBG1(DBG_CFG, "listing whitelist failed"); + break; + } + } + } + enumerator->destroy(enumerator); + msg->type = WHITELIST_END; + memset(msg->id, 0, sizeof(msg->id)); + send(fd, msg, sizeof(*msg), 0); + break; + case WHITELIST_FLUSH: + this->listener->flush(this->listener, id); + break; + case WHITELIST_ENABLE: + this->listener->set_active(this->listener, TRUE); + break; + case WHITELIST_DISABLE: + this->listener->set_active(this->listener, FALSE); + break; + default: + DBG1(DBG_CFG, "received unknown whitelist command"); + break; + } + id->destroy(id); +} + +/** + * Accept whitelist control connections, dispatch + */ +static job_requeue_t receive(private_whitelist_control_t *this) +{ + struct sockaddr_un addr; + int fd, len = sizeof(addr); + whitelist_msg_t msg; + bool oldstate; + + oldstate = thread_cancelability(TRUE); + fd = accept(this->socket, (struct sockaddr*)&addr, &len); + thread_cancelability(oldstate); + + if (fd != -1) + { + while (TRUE) + { + oldstate = thread_cancelability(TRUE); + len = recv(fd, &msg, sizeof(msg), 0); + thread_cancelability(oldstate); + + if (len == sizeof(msg)) + { + dispatch(this, fd, &msg); + } + else + { + if (len != 0) + { + DBG1(DBG_CFG, "receiving whitelist msg failed: %s", + strerror(errno)); + } + break; + } + } + close(fd); + } + else + { + DBG1(DBG_CFG, "accepting whitelist connection failed: %s", + strerror(errno)); + } + return JOB_REQUEUE_FAIR; +} + +METHOD(whitelist_control_t, destroy, void, + private_whitelist_control_t *this) +{ + this->job->cancel(this->job); + close(this->socket); + free(this); +} + +/** + * See header + */ +whitelist_control_t *whitelist_control_create(whitelist_listener_t *listener) +{ + private_whitelist_control_t *this; + + INIT(this, + .public = { + .destroy = _destroy, + }, + .listener = listener, + ); + + if (!open_socket(this)) + { + free(this); + return NULL; + } + + this->job = callback_job_create((callback_job_cb_t)receive, + this, NULL, NULL); + 
lib->processor->queue_job(lib->processor, (job_t*)this->job); + + return &this->public; +} diff --git a/src/libcharon/plugins/whitelist/whitelist_control.h b/src/libcharon/plugins/whitelist/whitelist_control.h new file mode 100644 index 000000000..dc813414d --- /dev/null +++ b/src/libcharon/plugins/whitelist/whitelist_control.h @@ -0,0 +1,44 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup whitelist_control whitelist_control + * @{ @ingroup whitelist + */ + +#ifndef WHITELIST_CONTROL_H_ +#define WHITELIST_CONTROL_H_ + +#include "whitelist_listener.h" + +typedef struct whitelist_control_t whitelist_control_t; + +/** + * Whitelist UNIX control socket. + */ +struct whitelist_control_t { + + /** + * Destroy a whitelist_control_t. + */ + void (*destroy)(whitelist_control_t *this); +}; + +/** + * Create a whitelist_control instance. + */ +whitelist_control_t *whitelist_control_create(whitelist_listener_t *listener); + +#endif /** WHITELIST_CONTROL_H_ @}*/ diff --git a/src/libcharon/plugins/whitelist/whitelist_listener.c b/src/libcharon/plugins/whitelist/whitelist_listener.c new file mode 100644 index 000000000..5634e3ef8 --- /dev/null +++ b/src/libcharon/plugins/whitelist/whitelist_listener.c 
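Review bot: In `open_socket()` of whitelist_control.c the bind failure branch returns before `umask(old)` runs, so the daemon keeps the mask that was set for the bind for every file it creates afterwards; add `umask(old);` as the first statement of that branch, ahead of `close(this->socket);`. The mode and ownership of this socket are the only access control visible here for commands that add identities or switch whitelist checking off, because `dispatch()` acts on every full-sized message without looking at the peer. A failing `chown()` is only logged, so a comment saying why continuing is safe would help. `receive()` also passes an `int` as the address length to `accept()`; declare `socklen_t len = sizeof(addr);` and keep the `recv()` result in a separate variable.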
@@ -0,0 +1,213 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "whitelist_listener.h" + +#include <daemon.h> +#include <utils/hashtable.h> +#include <threading/rwlock.h> + +typedef struct private_whitelist_listener_t private_whitelist_listener_t; + +/** + * Private data of an whitelist_listener_t object. + */ +struct private_whitelist_listener_t { + + /** + * Public whitelist_listener_t interface. 
+ */ + whitelist_listener_t public; + + /** + * Lock for hashtable + */ + rwlock_t *lock; + + /** + * Hashtable with whitelisted identities + */ + hashtable_t *ids; + + /** + * Whitelist checking enabled + */ + bool enabled; +}; + +/** + * Hashtable hash function + */ +static u_int hash(identification_t *key) +{ + return chunk_hash(key->get_encoding(key)); +} + +/** + * Hashtable equals function + */ +static bool equals(identification_t *a, identification_t *b) +{ + return a->equals(a, b); +} + +METHOD(listener_t, authorize, bool, + private_whitelist_listener_t *this, ike_sa_t *ike_sa, + bool final, bool *success) +{ + /* check each authentication round */ + if (this->enabled && !final) + { + bool whitelisted = FALSE; + identification_t *id; + auth_cfg_t *auth; + + auth = ike_sa->get_auth_cfg(ike_sa, FALSE); + /* for authenticated with EAP, check EAP identity */ + id = auth->get(auth, AUTH_RULE_EAP_IDENTITY); + if (!id) + { + id = auth->get(auth, AUTH_RULE_IDENTITY); + } + if (id) + { + this->lock->read_lock(this->lock); + whitelisted = this->ids->get(this->ids, id) != NULL; + this->lock->unlock(this->lock); + } + if (whitelisted) + { + DBG2(DBG_CFG, "peer identity '%Y' whitelisted", id); + } + else + { + DBG1(DBG_CFG, "peer identity '%Y' not whitelisted", id); + *success = FALSE; + } + } + return TRUE; +} + +METHOD(whitelist_listener_t, add, void, + private_whitelist_listener_t *this, identification_t *id) +{ + id = id->clone(id); + this->lock->write_lock(this->lock); + id = this->ids->put(this->ids, id, id); + this->lock->unlock(this->lock); + DESTROY_IF(id); +} + +METHOD(whitelist_listener_t, remove_, void, + private_whitelist_listener_t *this, identification_t *id) +{ + this->lock->write_lock(this->lock); + id = this->ids->remove(this->ids, id); + this->lock->unlock(this->lock); + DESTROY_IF(id); +} + +/** + * Enumerator filter, from hashtable (key, value) to single identity + */ +static bool whitelist_filter(rwlock_t *lock, identification_t **key, + 
identification_t **id, identification_t **value) +{ + *id = *value; + return TRUE; +} + +METHOD(whitelist_listener_t, create_enumerator, enumerator_t*, + private_whitelist_listener_t *this) +{ + this->lock->read_lock(this->lock); + return enumerator_create_filter(this->ids->create_enumerator(this->ids), + (void*)whitelist_filter, this->lock, + (void*)this->lock->unlock); +} + +METHOD(whitelist_listener_t, flush, void, + private_whitelist_listener_t *this, identification_t *id) +{ + enumerator_t *enumerator; + identification_t *key, *value; + + this->lock->write_lock(this->lock); + enumerator = this->ids->create_enumerator(this->ids); + while (enumerator->enumerate(enumerator, &key, &value)) + { + if (value->matches(value, id)) + { + this->ids->remove_at(this->ids, enumerator); + value->destroy(value); + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); +} + +METHOD(whitelist_listener_t, set_active, void, + private_whitelist_listener_t *this, bool enable) +{ + DBG1(DBG_CFG, "whitelist functionality %s%sabled", + (this->enabled == enable) ? "was already " : "", enable ? 
"en" : "dis"); + this->enabled = enable; +} + +METHOD(whitelist_listener_t, destroy, void, + private_whitelist_listener_t *this) +{ + identification_t *key, *value; + enumerator_t *enumerator; + + enumerator = this->ids->create_enumerator(this->ids); + while (enumerator->enumerate(enumerator, &key, &value)) + { + value->destroy(value); + } + enumerator->destroy(enumerator); + this->ids->destroy(this->ids); + this->lock->destroy(this->lock); + free(this); +} + +/** + * See header + */ +whitelist_listener_t *whitelist_listener_create() +{ + private_whitelist_listener_t *this; + + INIT(this, + .public = { + .listener = { + .authorize = _authorize, + }, + .add = _add, + .remove = _remove_, + .create_enumerator = _create_enumerator, + .flush = _flush, + .set_active = _set_active, + .destroy = _destroy, + }, + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + .ids = hashtable_create((hashtable_hash_t)hash, + (hashtable_equals_t)equals, 32), + .enabled = lib->settings->get_bool(lib->settings, + "charon.plugins.whitelist.enable", FALSE), + ); + + return &this->public; +} diff --git a/src/libcharon/plugins/whitelist/whitelist_listener.h b/src/libcharon/plugins/whitelist/whitelist_listener.h new file mode 100644 index 000000000..ac9475245 --- /dev/null +++ b/src/libcharon/plugins/whitelist/whitelist_listener.h 
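Review bot: `this->enabled` in whitelist_listener.c is written by `set_active()`, which the control socket job calls, and read by `authorize()` with no synchronisation, while the `lock` member is documented as covering only the hashtable. Either take the lock around both accesses, e.g. `this->lock->write_lock(this->lock); this->enabled = enable; this->lock->unlock(this->lock);` in `set_active()` and a read-locked copy in `authorize()`, or add a comment explaining why a plain `bool` is sufficient. The constructor reads `charon.plugins.whitelist.enable` with a default of `FALSE`, so loading the plugin enforces nothing until checking is switched on. A comment on the `.enabled` initialiser would make that clear, for instance `/* checking stays off unless enabled in the settings or over the control socket */`.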
@@ -0,0 +1,87 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup whitelist_listener whitelist_listener + * @{ @ingroup whitelist + */ + +#ifndef WHITELIST_LISTENER_H_ +#define WHITELIST_LISTENER_H_ + +#include <bus/listeners/listener.h> + +typedef struct whitelist_listener_t whitelist_listener_t; + +/** + * Listener checking connecting peer against a whitelist. + */ +struct whitelist_listener_t { + + /** + * Implements listener_t interface. + */ + listener_t listener; + + /** + * Add a peer identity to the whitelist. + * + * @param id identity to whitelist + */ + void (*add)(whitelist_listener_t *this, identification_t *id); + + /** + * Remove a peer identity from the whitelist. + * + * @param id identity to remove from whitelist + */ + void (*remove)(whitelist_listener_t *this, identification_t *id); + + /** + * Create an enumerator over whitelisted peer identities. + * + * The enumerator read-locks the whitelist, do not call add/remove while + * it is alive. + * + * @return enumerator over identification_t* + */ + enumerator_t* (*create_enumerator)(whitelist_listener_t *this); + + /** + * Flush identities from whitelist matching id. + * + * @param id id to match + */ + void (*flush)(whitelist_listener_t *this, identification_t *id); + + /** + * Enable/Disable whitelist checking. 
+ * + * @param enable TRUE to enable, FALSE to disable + */ + void (*set_active)(whitelist_listener_t *this, bool enable); + + /** + * Destroy a whitelist_listener_t. + */ + void (*destroy)(whitelist_listener_t *this); +}; + +/** + * Create a whitelist_listener instance. + */ +whitelist_listener_t *whitelist_listener_create(); + +#endif /** WHITELIST_LISTENER_H_ @}*/ diff --git a/src/libcharon/plugins/whitelist/whitelist_msg.h b/src/libcharon/plugins/whitelist/whitelist_msg.h new file mode 100644 index 000000000..65b922996 --- /dev/null +++ b/src/libcharon/plugins/whitelist/whitelist_msg.h 
@@ -0,0 +1,58 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup whitelist_msg whitelist_msg + * @{ @ingroup whitelist + */ + +#ifndef WHITELIST_MSG_H_ +#define WHITELIST_MSG_H_ + +#define WHITELIST_SOCKET IPSEC_PIDDIR "/charon.wlst" + +typedef struct whitelist_msg_t whitelist_msg_t; + +/** + * Message type. + */ +enum { + /* add whitelist entry */ + WHITELIST_ADD = 1, + /* remove whitelist entry */ + WHITELIST_REMOVE = 2, + /* list identities matching id, gets responded with LIST messages */ + WHITELIST_LIST = 3, + /* indicates end of list in a series of LIST messages */ + WHITELIST_END = 4, + /* flush identities matching id */ + WHITELIST_FLUSH = 5, + /* enable whitelist checking */ + WHITELIST_ENABLE = 6, + /* disable whitelist checking */ + WHITELIST_DISABLE = 7, +}; + +/** + * Message to exchange over whitelist + */ +struct whitelist_msg_t { + /** message type */ + int type; + /** null terminated identity */ + char id[128]; +}; + +#endif /** WHITELIST_MSG_H_ @}*/ diff --git a/src/libcharon/plugins/whitelist/whitelist_plugin.c b/src/libcharon/plugins/whitelist/whitelist_plugin.c new file mode 100644 index 000000000..fca9d293f --- /dev/null +++ b/src/libcharon/plugins/whitelist/whitelist_plugin.c 
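Review bot: The `id` field of `whitelist_msg_t` is documented only as `null terminated identity`, which leaves open what happens to an identity of 128 bytes or more. The receiver in whitelist_control.c overwrites the last byte with 0, and `send_batch()` in the client reads lines with `fgets(msg.id, sizeof(msg.id), f)`, so an over-long entry would be cut or split and an identity other than the intended one could end up whitelisted. State the limit in the field comment, e.g. `/** null terminated identity, at most 127 bytes; senders must reject longer ones instead of truncating */`, and have senders check the length before filling the struct.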
@@ -0,0 +1,83 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "whitelist_plugin.h" + +#include "whitelist_listener.h" +#include "whitelist_control.h" + +#include <daemon.h> + +typedef struct private_whitelist_plugin_t private_whitelist_plugin_t; + +/** + * private data of whitelist plugin + */ +struct private_whitelist_plugin_t { + + /** + * implements plugin interface + */ + whitelist_plugin_t public; + + /** + * Listener checking whitelist entries during authorization + */ + whitelist_listener_t *listener; + + /** + * Whitelist control socket + */ + whitelist_control_t *control; +}; + +METHOD(plugin_t, get_name, char*, + private_whitelist_plugin_t *this) +{ + return "whitelist"; +} + +METHOD(plugin_t, destroy, void, + private_whitelist_plugin_t *this) +{ + charon->bus->remove_listener(charon->bus, &this->listener->listener); + this->listener->destroy(this->listener); + DESTROY_IF(this->control); + free(this); +} + +/** + * Plugin constructor + */ +plugin_t *whitelist_plugin_create() +{ + private_whitelist_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, + .listener = whitelist_listener_create(), + ); + this->control = whitelist_control_create(this->listener); + + charon->bus->add_listener(charon->bus, &this->listener->listener); + + return &this->public.plugin; +} 
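Review bot: `destroy()` in whitelist_plugin.c frees the listener before it stops the control socket, although `dispatch()` in whitelist_control.c calls into that listener for every received command. A command handled during unload could therefore reach a freed `whitelist_listener_t`; move `DESTROY_IF(this->control);` to the top of `destroy()`, ahead of `charon->bus->remove_listener(...)`. `whitelist_plugin_create()` also carries on when `whitelist_control_create()` returns NULL. If checking is enabled in the settings, that leaves an empty whitelist that cannot be filled, and `authorize()` then fails every peer, so a comment stating whether this is intended would help.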
diff --git a/src/libcharon/plugins/whitelist/whitelist_plugin.h b/src/libcharon/plugins/whitelist/whitelist_plugin.h new file mode 100644 index 000000000..243313376 --- /dev/null +++ b/src/libcharon/plugins/whitelist/whitelist_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup whitelist whitelist + * @ingroup cplugins + * + * @defgroup whitelist_plugin whitelist_plugin + * @{ @ingroup whitelist + */ + +#ifndef WHITELIST_PLUGIN_H_ +#define WHITELIST_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct whitelist_plugin_t whitelist_plugin_t; + +/** + * Peer identity whitelisting plugin. + */ +struct whitelist_plugin_t { + + /** + * Implements plugin interface. + */ + plugin_t plugin; +}; + +#endif /** WHITELIST_PLUGIN_H_ @}*/ diff --git a/src/libcharon/processing/jobs/acquire_job.c b/src/libcharon/processing/jobs/acquire_job.c index 7a38d2553..3544dd332 100644 --- a/src/libcharon/processing/jobs/acquire_job.c +++ b/src/libcharon/processing/jobs/acquire_job.c 
@@ -45,30 +45,16 @@ struct private_acquire_job_t { traffic_selector_t *dst_ts; }; -<<<<<<< HEAD -/** - * Implementation of job_t.destroy. - */ -static void destroy(private_acquire_job_t *this) -======= METHOD(job_t, destroy, void, private_acquire_job_t *this) ->>>>>>> upstream/4.5.1 { DESTROY_IF(this->src_ts); DESTROY_IF(this->dst_ts); free(this); } -<<<<<<< HEAD -/** - * Implementation of job_t.execute. - */ -static void execute(private_acquire_job_t *this) -======= METHOD(job_t, execute, void, private_acquire_job_t *this) ->>>>>>> upstream/4.5.1 { charon->traps->acquire(charon->traps, this->reqid, this->src_ts, this->dst_ts); @@ -82,16 +68,6 @@ acquire_job_t *acquire_job_create(u_int32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { -<<<<<<< HEAD - private_acquire_job_t *this = malloc_thing(private_acquire_job_t); - - this->public.job_interface.execute = (void (*) (job_t *)) execute; - this->public.job_interface.destroy = (void (*)(job_t*)) destroy; - - this->reqid = reqid; - this->src_ts = src_ts; - this->dst_ts = dst_ts; -======= private_acquire_job_t *this; INIT(this, @@ -105,7 +81,6 @@ acquire_job_t *acquire_job_create(u_int32_t reqid, .src_ts = src_ts, .dst_ts = dst_ts, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/processing/jobs/delete_child_sa_job.c b/src/libcharon/processing/jobs/delete_child_sa_job.c index 12b4dc1e2..29122cd03 100644 --- a/src/libcharon/processing/jobs/delete_child_sa_job.c +++ b/src/libcharon/processing/jobs/delete_child_sa_job.c 
@@ -46,28 +46,14 @@ struct private_delete_child_sa_job_t { u_int32_t spi; }; -<<<<<<< HEAD -/** - * Implementation of job_t.destroy. - */ -static void destroy(private_delete_child_sa_job_t *this) -======= METHOD(job_t, destroy, void, private_delete_child_sa_job_t *this) ->>>>>>> upstream/4.5.1 { free(this); } -<<<<<<< HEAD -/** - * Implementation of job_t.execute. - */ -static void execute(private_delete_child_sa_job_t *this) -======= METHOD(job_t, execute, void, private_delete_child_sa_job_t *this) ->>>>>>> upstream/4.5.1 { ike_sa_t *ike_sa; @@ -94,18 +80,6 @@ delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid, protocol_id_t protocol, u_int32_t spi) { -<<<<<<< HEAD - private_delete_child_sa_job_t *this = malloc_thing(private_delete_child_sa_job_t); - - /* interface functions */ - this->public.job_interface.execute = (void (*) (job_t *)) execute; - this->public.job_interface.destroy = (void (*)(job_t*)) destroy; - - /* private variables */ - this->reqid = reqid; - this->protocol = protocol; - this->spi = spi; -======= private_delete_child_sa_job_t *this; INIT(this, @@ -119,7 +93,6 @@ delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid, .protocol = protocol, .spi = spi, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/processing/jobs/delete_ike_sa_job.c b/src/libcharon/processing/jobs/delete_ike_sa_job.c index 2297f3fba..468c9ef94 100644 --- a/src/libcharon/processing/jobs/delete_ike_sa_job.c +++ b/src/libcharon/processing/jobs/delete_ike_sa_job.c 
@@ -41,29 +41,15 @@ struct private_delete_ike_sa_job_t { }; -<<<<<<< HEAD -/** - * Implements job_t.destroy. - */ -static void destroy(private_delete_ike_sa_job_t *this) -======= METHOD(job_t, destroy, void, private_delete_ike_sa_job_t *this) ->>>>>>> upstream/4.5.1 { this->ike_sa_id->destroy(this->ike_sa_id); free(this); } -<<<<<<< HEAD -/** - * Implementation of job_t.execute. - */ -static void execute(private_delete_ike_sa_job_t *this) -======= METHOD(job_t, execute, void, private_delete_ike_sa_job_t *this) ->>>>>>> upstream/4.5.1 { ike_sa_t *ike_sa; @@ -90,8 +76,8 @@ METHOD(job_t, execute, void, } else { - /* destroy only if not ESTABLISHED */ - if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED) + /* destroy IKE_SA did not complete connecting phase */ + if (ike_sa->get_state(ike_sa) != IKE_CONNECTING) { charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } @@ -112,17 +98,6 @@ METHOD(job_t, execute, void, delete_ike_sa_job_t *delete_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool delete_if_established) { -<<<<<<< HEAD - private_delete_ike_sa_job_t *this = malloc_thing(private_delete_ike_sa_job_t); - - /* interface functions */ - this->public.job_interface.execute = (void (*) (job_t *)) execute; - this->public.job_interface.destroy = (void (*)(job_t *)) destroy;; - - /* private variables */ - this->ike_sa_id = ike_sa_id->clone(ike_sa_id); - this->delete_if_established = delete_if_established; -======= private_delete_ike_sa_job_t *this; INIT(this, @@ -135,7 +110,6 @@ delete_ike_sa_job_t *delete_ike_sa_job_create(ike_sa_id_t *ike_sa_id, .ike_sa_id = ike_sa_id->clone(ike_sa_id), .delete_if_established = delete_if_established, ); ->>>>>>> upstream/4.5.1 return &(this->public); } diff --git a/src/libcharon/processing/jobs/migrate_job.c b/src/libcharon/processing/jobs/migrate_job.c index 7ddd0a82b..5e7c7ae88 100644 --- a/src/libcharon/processing/jobs/migrate_job.c +++ b/src/libcharon/processing/jobs/migrate_job.c 
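Review bot: The new comment in the `@@ -90,8 +76,8 @@` hunk of delete_ike_sa_job.c, `/* destroy IKE_SA did not complete connecting phase */`, is ungrammatical and sits above the `!= IKE_CONNECTING` test, whose visible body checks the IKE_SA back in rather than destroying it. Reword it to match the branch it labels, e.g. `/* keep the IKE_SA unless it is still in the connecting phase */`, and move the destroy wording to the branch that destroys the IKE_SA. `execute()` starts before this hunk and continues after it, so the destroy path itself is not visible here.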
@@ -57,15 +57,8 @@ struct private_migrate_job_t { host_t *remote; }; -<<<<<<< HEAD -/** - * Implementation of job_t.destroy. - */ -static void destroy(private_migrate_job_t *this) -======= METHOD(job_t, destroy, void, private_migrate_job_t *this) ->>>>>>> upstream/4.5.1 { DESTROY_IF(this->src_ts); DESTROY_IF(this->dst_ts); @@ -74,15 +67,8 @@ METHOD(job_t, destroy, void, free(this); } -<<<<<<< HEAD -/** - * Implementation of job_t.execute. - */ -static void execute(private_migrate_job_t *this) -======= METHOD(job_t, execute, void, private_migrate_job_t *this) ->>>>>>> upstream/4.5.1 { ike_sa_t *ike_sa = NULL; @@ -143,20 +129,6 @@ migrate_job_t *migrate_job_create(u_int32_t reqid, policy_dir_t dir, host_t *local, host_t *remote) { -<<<<<<< HEAD - private_migrate_job_t *this = malloc_thing(private_migrate_job_t); - - /* interface functions */ - this->public.job_interface.execute = (void (*) (job_t *)) execute; - this->public.job_interface.destroy = (void (*)(job_t*)) destroy; - - /* private variables */ - this->reqid = reqid; - this->src_ts = (dir == POLICY_OUT) ? src_ts : dst_ts; - this->dst_ts = (dir == POLICY_OUT) ? dst_ts : src_ts; - this->local = local; - this->remote = remote; -======= private_migrate_job_t *this; INIT(this, @@ -172,7 +144,6 @@ migrate_job_t *migrate_job_create(u_int32_t reqid, .local = local, .remote = remote, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/processing/jobs/process_message_job.c b/src/libcharon/processing/jobs/process_message_job.c index 733775cfa..b6de4fc0f 100644 --- a/src/libcharon/processing/jobs/process_message_job.c +++ b/src/libcharon/processing/jobs/process_message_job.c 
@@ -35,29 +35,15 @@ struct private_process_message_job_t { message_t *message; }; -<<<<<<< HEAD -/** - * Implements job_t.destroy. - */ -static void destroy(private_process_message_job_t *this) -======= METHOD(job_t, destroy, void, private_process_message_job_t *this) ->>>>>>> upstream/4.5.1 { this->message->destroy(this->message); free(this); } -<<<<<<< HEAD -/** - * Implementation of job_t.execute. - */ -static void execute(private_process_message_job_t *this) -======= METHOD(job_t, execute, void, private_process_message_job_t *this) ->>>>>>> upstream/4.5.1 { ike_sa_t *ike_sa; @@ -103,16 +89,6 @@ METHOD(job_t, execute, void, */ process_message_job_t *process_message_job_create(message_t *message) { -<<<<<<< HEAD - private_process_message_job_t *this = malloc_thing(private_process_message_job_t); - - /* interface functions */ - this->public.job_interface.execute = (void (*) (job_t *)) execute; - this->public.job_interface.destroy = (void(*)(job_t*))destroy; - - /* private variables */ - this->message = message; -======= private_process_message_job_t *this; INIT(this, @@ -124,7 +100,6 @@ process_message_job_t *process_message_job_create(message_t *message) }, .message = message, ); ->>>>>>> upstream/4.5.1 return &(this->public); } diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.c b/src/libcharon/processing/jobs/rekey_child_sa_job.c index 5e147fda6..2bcee2ddf 100644 --- a/src/libcharon/processing/jobs/rekey_child_sa_job.c +++ b/src/libcharon/processing/jobs/rekey_child_sa_job.c 
@@ -45,28 +45,14 @@ struct private_rekey_child_sa_job_t { u_int32_t spi; }; -<<<<<<< HEAD -/** - * Implementation of job_t.destroy. - */ -static void destroy(private_rekey_child_sa_job_t *this) -======= METHOD(job_t, destroy, void, private_rekey_child_sa_job_t *this) ->>>>>>> upstream/4.5.1 { free(this); } -<<<<<<< HEAD -/** - * Implementation of job_t.execute. - */ -static void execute(private_rekey_child_sa_job_t *this) -======= METHOD(job_t, execute, void, private_rekey_child_sa_job_t *this) ->>>>>>> upstream/4.5.1 { ike_sa_t *ike_sa; @@ -92,18 +78,6 @@ rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid, protocol_id_t protocol, u_int32_t spi) { -<<<<<<< HEAD - private_rekey_child_sa_job_t *this = malloc_thing(private_rekey_child_sa_job_t); - - /* interface functions */ - this->public.job_interface.execute = (void (*) (job_t *)) execute; - this->public.job_interface.destroy = (void (*)(job_t*)) destroy; - - /* private variables */ - this->reqid = reqid; - this->protocol = protocol; - this->spi = spi; -======= private_rekey_child_sa_job_t *this; INIT(this, @@ -117,7 +91,6 @@ rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid, .protocol = protocol, .spi = spi, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/processing/jobs/rekey_ike_sa_job.c b/src/libcharon/processing/jobs/rekey_ike_sa_job.c index 5f43b2cd5..dc86ba9b3 100644 --- a/src/libcharon/processing/jobs/rekey_ike_sa_job.c +++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.c 
@@ -39,29 +39,15 @@ struct private_rekey_ike_sa_job_t { bool reauth; }; -<<<<<<< HEAD -/** - * Implementation of job_t.destroy. - */ -static void destroy(private_rekey_ike_sa_job_t *this) -======= METHOD(job_t, destroy, void, private_rekey_ike_sa_job_t *this) ->>>>>>> upstream/4.5.1 { this->ike_sa_id->destroy(this->ike_sa_id); free(this); } -<<<<<<< HEAD -/** - * Implementation of job_t.execute. - */ -static void execute(private_rekey_ike_sa_job_t *this) -======= METHOD(job_t, execute, void, private_rekey_ike_sa_job_t *this) ->>>>>>> upstream/4.5.1 { ike_sa_t *ike_sa; status_t status = SUCCESS; @@ -100,17 +86,6 @@ METHOD(job_t, execute, void, */ rekey_ike_sa_job_t *rekey_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool reauth) { -<<<<<<< HEAD - private_rekey_ike_sa_job_t *this = malloc_thing(private_rekey_ike_sa_job_t); - - /* interface functions */ - this->public.job_interface.execute = (void (*) (job_t *)) execute; - this->public.job_interface.destroy = (void (*)(job_t*)) destroy; - - /* private variables */ - this->ike_sa_id = ike_sa_id->clone(ike_sa_id); - this->reauth = reauth; -======= private_rekey_ike_sa_job_t *this; INIT(this, @@ -123,7 +98,6 @@ rekey_ike_sa_job_t *rekey_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool reauth) .ike_sa_id = ike_sa_id->clone(ike_sa_id), .reauth = reauth, ); ->>>>>>> upstream/4.5.1 return &(this->public); } diff --git a/src/libcharon/processing/jobs/retransmit_job.c b/src/libcharon/processing/jobs/retransmit_job.c index 0b73f1485..1c78abd27 100644 --- a/src/libcharon/processing/jobs/retransmit_job.c +++ b/src/libcharon/processing/jobs/retransmit_job.c 
@@ -40,29 +40,15 @@ struct private_retransmit_job_t { ike_sa_id_t *ike_sa_id; }; -<<<<<<< HEAD -/** - * Implements job_t.destroy. - */ -static void destroy(private_retransmit_job_t *this) -======= METHOD(job_t, destroy, void, private_retransmit_job_t *this) ->>>>>>> upstream/4.5.1 { this->ike_sa_id->destroy(this->ike_sa_id); free(this); } -<<<<<<< HEAD -/** - * Implementation of job_t.execute. - */ -static void execute(private_retransmit_job_t *this) -======= METHOD(job_t, execute, void, private_retransmit_job_t *this) ->>>>>>> upstream/4.5.1 { ike_sa_t *ike_sa; @@ -89,17 +75,6 @@ METHOD(job_t, execute, void, */ retransmit_job_t *retransmit_job_create(u_int32_t message_id,ike_sa_id_t *ike_sa_id) { -<<<<<<< HEAD - private_retransmit_job_t *this = malloc_thing(private_retransmit_job_t); - - /* interface functions */ - this->public.job_interface.execute = (void (*) (job_t *)) execute; - this->public.job_interface.destroy = (void (*) (job_t *)) destroy; - - /* private variables */ - this->message_id = message_id; - this->ike_sa_id = ike_sa_id->clone(ike_sa_id); -======= private_retransmit_job_t *this; INIT(this, @@ -112,7 +87,6 @@ retransmit_job_t *retransmit_job_create(u_int32_t message_id,ike_sa_id_t *ike_sa .message_id = message_id, .ike_sa_id = ike_sa_id->clone(ike_sa_id), ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/processing/jobs/roam_job.c b/src/libcharon/processing/jobs/roam_job.c index bcc96686c..74ef8bd6d 100644 --- a/src/libcharon/processing/jobs/roam_job.c +++ b/src/libcharon/processing/jobs/roam_job.c 
@@ -38,28 +38,14 @@ struct private_roam_job_t { bool address; }; -<<<<<<< HEAD -/** - * Implements job_t.destroy. - */ -static void destroy(private_roam_job_t *this) -======= METHOD(job_t, destroy, void, private_roam_job_t *this) ->>>>>>> upstream/4.5.1 { free(this); } -<<<<<<< HEAD -/** - * Implementation of job_t.execute. - */ -static void execute(private_roam_job_t *this) -======= METHOD(job_t, execute, void, private_roam_job_t *this) ->>>>>>> upstream/4.5.1 { ike_sa_t *ike_sa; linked_list_t *list; @@ -104,14 +90,6 @@ METHOD(job_t, execute, void, */ roam_job_t *roam_job_create(bool address) { -<<<<<<< HEAD - private_roam_job_t *this = malloc_thing(private_roam_job_t); - - this->public.job_interface.execute = (void (*) (job_t *)) execute; - this->public.job_interface.destroy = (void (*) (job_t *)) destroy; - - this->address = address; -======= private_roam_job_t *this; INIT(this, @@ -123,7 +101,6 @@ roam_job_t *roam_job_create(bool address) }, .address = address, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/processing/jobs/send_dpd_job.c b/src/libcharon/processing/jobs/send_dpd_job.c index 0a0fd2144..47b525363 100644 --- a/src/libcharon/processing/jobs/send_dpd_job.c +++ b/src/libcharon/processing/jobs/send_dpd_job.c @@ -38,29 +38,15 @@ struct private_send_dpd_job_t { ike_sa_id_t *ike_sa_id; }; -<<<<<<< HEAD -/** - * Implements job_t.destroy. - */ -static void destroy(private_send_dpd_job_t *this) -======= METHOD(job_t, destroy, void, private_send_dpd_job_t *this) ->>>>>>> upstream/4.5.1 { this->ike_sa_id->destroy(this->ike_sa_id); free(this); } -<<<<<<< HEAD -/** - * Implementation of job_t.execute. - */ -static void execute(private_send_dpd_job_t *this) -======= METHOD(job_t, execute, void, private_send_dpd_job_t *this) ->>>>>>> upstream/4.5.1 { ike_sa_t *ike_sa; 
@@ -85,16 +71,6 @@ METHOD(job_t, execute, void, */ send_dpd_job_t *send_dpd_job_create(ike_sa_id_t *ike_sa_id) { -<<<<<<< HEAD - private_send_dpd_job_t *this = malloc_thing(private_send_dpd_job_t); - - /* interface functions */ - this->public.job_interface.execute = (void (*) (job_t *)) execute; - this->public.job_interface.destroy = (void (*) (job_t *)) destroy; - - /* private variables */ - this->ike_sa_id = ike_sa_id->clone(ike_sa_id); -======= private_send_dpd_job_t *this; INIT(this, @@ -106,7 +82,6 @@ send_dpd_job_t *send_dpd_job_create(ike_sa_id_t *ike_sa_id) }, .ike_sa_id = ike_sa_id->clone(ike_sa_id), ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/processing/jobs/send_keepalive_job.c b/src/libcharon/processing/jobs/send_keepalive_job.c index 21b78919f..8d98aad7e 100644 --- a/src/libcharon/processing/jobs/send_keepalive_job.c +++ b/src/libcharon/processing/jobs/send_keepalive_job.c @@ -38,29 +38,15 @@ struct private_send_keepalive_job_t { ike_sa_id_t *ike_sa_id; }; -<<<<<<< HEAD -/** - * Implements job_t.destroy. - */ -static void destroy(private_send_keepalive_job_t *this) -======= METHOD(job_t, destroy, void, private_send_keepalive_job_t *this) ->>>>>>> upstream/4.5.1 { this->ike_sa_id->destroy(this->ike_sa_id); free(this); } -<<<<<<< HEAD -/** - * Implementation of job_t.execute. - */ -static void execute(private_send_keepalive_job_t *this) -======= METHOD(job_t, execute, void, private_send_keepalive_job_t *this) ->>>>>>> upstream/4.5.1 { ike_sa_t *ike_sa; 
@@ -79,16 +65,6 @@ METHOD(job_t, execute, void, */ send_keepalive_job_t *send_keepalive_job_create(ike_sa_id_t *ike_sa_id) { -<<<<<<< HEAD - private_send_keepalive_job_t *this = malloc_thing(private_send_keepalive_job_t); - - /* interface functions */ - this->public.job_interface.execute = (void (*) (job_t *)) execute; - this->public.job_interface.destroy = (void (*) (job_t *)) destroy; - - /* private variables */ - this->ike_sa_id = ike_sa_id->clone(ike_sa_id); -======= private_send_keepalive_job_t *this; INIT(this, @@ -100,7 +76,6 @@ send_keepalive_job_t *send_keepalive_job_create(ike_sa_id_t *ike_sa_id) }, .ike_sa_id = ike_sa_id->clone(ike_sa_id), ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/processing/jobs/update_sa_job.c b/src/libcharon/processing/jobs/update_sa_job.c index eeaf9f1c4..3b4e9949f 100644 --- a/src/libcharon/processing/jobs/update_sa_job.c +++ b/src/libcharon/processing/jobs/update_sa_job.c @@ -43,29 +43,15 @@ struct private_update_sa_job_t { host_t *new; }; -<<<<<<< HEAD -/** - * Implements job_t.destroy. - */ -static void destroy(private_update_sa_job_t *this) -======= METHOD(job_t, destroy, void, private_update_sa_job_t *this) ->>>>>>> upstream/4.5.1 { this->new->destroy(this->new); free(this); } -<<<<<<< HEAD -/** - * Implementation of job_t.execute. - */ -static void execute(private_update_sa_job_t *this) -======= METHOD(job_t, execute, void, private_update_sa_job_t *this) ->>>>>>> upstream/4.5.1 { ike_sa_t *ike_sa; @@ -81,11 +67,7 @@ METHOD(job_t, execute, void, if (ike_sa->has_condition(ike_sa, COND_NAT_THERE) && !ike_sa->has_condition(ike_sa, COND_NAT_HERE)) { -<<<<<<< HEAD - ike_sa->update_hosts(ike_sa, NULL, this->new); -======= ike_sa->update_hosts(ike_sa, NULL, this->new, FALSE); ->>>>>>> upstream/4.5.1 } charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } 
@@ -97,15 +79,6 @@ METHOD(job_t, execute, void, */ update_sa_job_t *update_sa_job_create(u_int32_t reqid, host_t *new) { -<<<<<<< HEAD - private_update_sa_job_t *this = malloc_thing(private_update_sa_job_t); - - this->public.job_interface.execute = (void (*) (job_t *)) execute; - this->public.job_interface.destroy = (void (*) (job_t *)) destroy; - - this->reqid = reqid; - this->new = new; -======= private_update_sa_job_t *this; INIT(this, @@ -118,7 +91,6 @@ update_sa_job_t *update_sa_job_create(u_int32_t reqid, host_t *new) .reqid = reqid, .new = new, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/sa/authenticators/authenticator.c b/src/libcharon/sa/authenticators/authenticator.c index 3f176f9be..83f5fbaad 100644 --- a/src/libcharon/sa/authenticators/authenticator.c +++ b/src/libcharon/sa/authenticators/authenticator.c @@ -39,12 +39,8 @@ ENUM_END(auth_method_names, AUTH_ECDSA_521); */ authenticator_t *authenticator_create_builder(ike_sa_t *ike_sa, auth_cfg_t *cfg, chunk_t received_nonce, chunk_t sent_nonce, -<<<<<<< HEAD - chunk_t received_init, chunk_t sent_init) -======= chunk_t received_init, chunk_t sent_init, char reserved[3]) ->>>>>>> upstream/4.5.1 { switch ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS)) { @@ -52,15 +48,6 @@ authenticator_t *authenticator_create_builder(ike_sa_t *ike_sa, auth_cfg_t *cfg, /* defaults to PUBKEY */ case AUTH_CLASS_PUBKEY: return (authenticator_t*)pubkey_authenticator_create_builder(ike_sa, -<<<<<<< HEAD - received_nonce, sent_init); - case AUTH_CLASS_PSK: - return (authenticator_t*)psk_authenticator_create_builder(ike_sa, - received_nonce, sent_init); - case AUTH_CLASS_EAP: - return (authenticator_t*)eap_authenticator_create_builder(ike_sa, - received_nonce, sent_nonce, received_init, sent_init); -======= received_nonce, sent_init, reserved); case AUTH_CLASS_PSK: return (authenticator_t*)psk_authenticator_create_builder(ike_sa, 
@@ -69,7 +56,6 @@ authenticator_t *authenticator_create_builder(ike_sa_t *ike_sa, auth_cfg_t *cfg, return (authenticator_t*)eap_authenticator_create_builder(ike_sa, received_nonce, sent_nonce, received_init, sent_init, reserved); ->>>>>>> upstream/4.5.1 default: return NULL; } @@ -81,12 +67,8 @@ authenticator_t *authenticator_create_builder(ike_sa_t *ike_sa, auth_cfg_t *cfg, authenticator_t *authenticator_create_verifier( ike_sa_t *ike_sa, message_t *message, chunk_t received_nonce, chunk_t sent_nonce, -<<<<<<< HEAD - chunk_t received_init, chunk_t sent_init) -======= chunk_t received_init, chunk_t sent_init, char reserved[3]) ->>>>>>> upstream/4.5.1 { auth_payload_t *auth_payload; @@ -94,12 +76,8 @@ authenticator_t *authenticator_create_verifier( if (auth_payload == NULL) { return (authenticator_t*)eap_authenticator_create_verifier(ike_sa, -<<<<<<< HEAD - received_nonce, sent_nonce, received_init, sent_init); -======= received_nonce, sent_nonce, received_init, sent_init, reserved); ->>>>>>> upstream/4.5.1 } switch (auth_payload->get_auth_method(auth_payload)) { @@ -108,17 +86,10 @@ authenticator_t *authenticator_create_verifier( case AUTH_ECDSA_384: case AUTH_ECDSA_521: return (authenticator_t*)pubkey_authenticator_create_verifier(ike_sa, -<<<<<<< HEAD - sent_nonce, received_init); - case AUTH_PSK: - return (authenticator_t*)psk_authenticator_create_verifier(ike_sa, - sent_nonce, received_init); -======= sent_nonce, received_init, reserved); case AUTH_PSK: return (authenticator_t*)psk_authenticator_create_verifier(ike_sa, sent_nonce, received_init, reserved); ->>>>>>> upstream/4.5.1 default: return NULL; } diff --git a/src/libcharon/sa/authenticators/authenticator.h b/src/libcharon/sa/authenticators/authenticator.h index d30094c9b..d27e006a3 100644 --- a/src/libcharon/sa/authenticators/authenticator.h +++ b/src/libcharon/sa/authenticators/authenticator.h 
@@ -130,21 +130,14 @@ struct authenticator_t { * @param sent_nonce nonce sent in IKE_SA_INIT * @param received_init received IKE_SA_INIT message data * @param sent_init sent IKE_SA_INIT message data -<<<<<<< HEAD -======= * @param reserved reserved bytes of the ID payload ->>>>>>> upstream/4.5.1 * @return authenticator, NULL if not supported */ authenticator_t *authenticator_create_builder( ike_sa_t *ike_sa, auth_cfg_t *cfg, chunk_t received_nonce, chunk_t sent_nonce, -<<<<<<< HEAD - chunk_t received_init, chunk_t sent_init); -======= chunk_t received_init, chunk_t sent_init, char reserved[3]); ->>>>>>> upstream/4.5.1 /** * Create an authenticator to verify signatures. @@ -155,20 +148,13 @@ authenticator_t *authenticator_create_builder( * @param sent_nonce nonce sent in IKE_SA_INIT * @param received_init received IKE_SA_INIT message data * @param sent_init sent IKE_SA_INIT message data -<<<<<<< HEAD -======= * @param reserved reserved bytes of the ID payload ->>>>>>> upstream/4.5.1 * @return authenticator, NULL if not supported */ authenticator_t *authenticator_create_verifier( ike_sa_t *ike_sa, message_t *message, chunk_t received_nonce, chunk_t sent_nonce, -<<<<<<< HEAD - chunk_t received_init, chunk_t sent_init); -======= chunk_t received_init, chunk_t sent_init, char reserved[3]); ->>>>>>> upstream/4.5.1 #endif /** AUTHENTICATOR_H_ @}*/ diff --git a/src/libcharon/sa/authenticators/eap/eap_method.h b/src/libcharon/sa/authenticators/eap/eap_method.h index 9961039ff..0eab2b5ff 100644 --- a/src/libcharon/sa/authenticators/eap/eap_method.h +++ b/src/libcharon/sa/authenticators/eap/eap_method.h 
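Review bot: The new `@param reserved` line on authenticator_create_builder says only `reserved bytes of the ID payload`, which leaves the pointer contract open. `char reserved[3]` is an ordinary `char *` in C, so the comment should state that exactly three bytes are read, whether NULL is accepted, and whether the authenticator copies the bytes or keeps the pointer. Something like `@param reserved reserved bytes of the ID payload, 3 bytes, copied` would do, if copying is what the implementations do; they are not visible here. The same line in the authenticator_create_verifier hunk below needs the same addition, and a named constant instead of the literal `3` would keep the prototypes and callers in step.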
@@ -113,14 +113,29 @@ struct eap_method_t { * Not all EAP methods establish a shared secret. For implementations of * the EAP-Identity method, get_msk() returns the received identity. * - * @param msk chunk receiving internal stored MSK + * @param msk chunk receiving internal stored MSK * @return - * - SUCCESS, or - * - FAILED, if MSK not established (yet) + * - SUCCESS, or + * - FAILED, if MSK not established (yet) */ status_t (*get_msk) (eap_method_t *this, chunk_t *msk); /** + * Get the current EAP identifier. + * + * @return current EAP identifier + */ + u_int8_t (*get_identifier) (eap_method_t *this); + + /** + * Set the EAP identifier to a deterministic value, overwriting + * the randomly initialized default value. + * + * @param identifier current EAP identifier + */ + void (*set_identifier) (eap_method_t *this, u_int8_t identifier); + + /** * Destroys a eap_method_t object. */ void (*destroy) (eap_method_t *this); diff --git a/src/libcharon/sa/authenticators/eap/sim_card.h b/src/libcharon/sa/authenticators/eap/sim_card.h new file mode 100644 index 000000000..5f5dc580b --- /dev/null +++ b/src/libcharon/sa/authenticators/eap/sim_card.h 
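Review bot: The `@param identifier` line of set_identifier reads `current EAP identifier`, which looks copied from get_identifier; the argument is the value being installed, so `@param identifier new EAP identifier to set` would be accurate. The comment also does not say at which point of an exchange the identifier may be overwritten. Separately, these are two new members of the eap_method_t interface, so every method implementation has to assign them; any that does not would presumably leave a NULL function pointer for callers to trip over. The implementations are outside this hunk.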
@@ -0,0 +1,125 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup sim_card sim_card + * @{ @ingroup eap + */ + +#ifndef SIM_CARD_H_ +#define SIM_CARD_H_ + +typedef struct sim_card_t sim_card_t; + +/** + * Interface for a (U)SIM card (used as EAP client). + * + * The SIM card completes triplets/quintuplets requested in a challenge + * received from the server. + * An implementation supporting only one of SIM/AKA authentication may + * implement the other methods with return_false()/return NOT_SUPPORTED/NULL. + */ +struct sim_card_t { + + /** + * Calculate SRES/KC from a RAND for SIM authentication. + * + * @param id permanent identity to get a triplet for + * @param rand RAND input buffer, fixed size 16 bytes + * @param sres SRES output buffer, fixed size 4 byte + * @param kc KC output buffer, fixed size 8 bytes + * @return TRUE if SRES/KC calculated, FALSE on error/wrong identity + */ + bool (*get_triplet)(sim_card_t *this, identification_t *id, + char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], + char kc[SIM_KC_LEN]); + + /** + * Calculate CK/IK/RES from RAND/AUTN for AKA authentication. + * + * If the received sequence number (in autn) is out of sync, INVALID_STATE + * is returned. + * The RES value is the only one with variable length. Pass a buffer + * of at least AKA_RES_MAX, the actual number of bytes is written to the + * res_len value. 
While the standard would allow any bit length between + * 32 and 128 bits, we support only full bytes for now. + * + * @param id permanent identity to request quintuplet for + * @param rand random value rand + * @param autn authentication token autn + * @param ck buffer receiving encryption key ck + * @param ik buffer receiving integrity key ik + * @param res buffer receiving authentication result res + * @param res_len nubmer of bytes written to res buffer + * @return SUCCESS, FAILED, or INVALID_STATE if out of sync + */ + status_t (*get_quintuplet)(sim_card_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], + char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], + char res[AKA_RES_MAX], int *res_len); + + /** + * Calculate AUTS from RAND for AKA resynchronization. + * + * @param id permanent identity to request quintuplet for + * @param rand random value rand + * @param auts resynchronization parameter auts + * @return TRUE if parameter generated successfully + */ + bool (*resync)(sim_card_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]); + + /** + * Set the pseudonym to use for next authentication. + * + * @param id permanent identity of the peer + * @param pseudonym pseudonym identity received from the server + */ + void (*set_pseudonym)(sim_card_t *this, identification_t *id, + identification_t *pseudonym); + + /** + * Get the pseudonym previously stored via set_pseudonym(). + * + * @param id permanent identity of the peer + * @return associated pseudonym identity, NULL if none stored + */ + identification_t* (*get_pseudonym)(sim_card_t *this, identification_t *id); + + /** + * Store parameters to use for the next fast reauthentication. 
+ * + * @param id permanent identity of the peer + * @param next next fast reauthentication identity to use + * @param mk master key MK to store for reauthentication + * @param counter counter value to store, host order + */ + void (*set_reauth)(sim_card_t *this, identification_t *id, + identification_t *next, char mk[HASH_SIZE_SHA1], + u_int16_t counter); + + /** + * Retrieve parameters for fast reauthentication stored via set_reauth(). + * + * @param id permanent identity of the peer + * @param mk buffer receiving master key MK + * @param counter pointer receiving counter value, in host order + * @return fast reauthentication identity, NULL if not found + */ + identification_t* (*get_reauth)(sim_card_t *this, identification_t *id, + char mk[HASH_SIZE_SHA1], u_int16_t *counter); +}; + +#endif /** SIM_CARD_H_ @}*/ diff --git a/src/libcharon/sa/authenticators/eap/sim_hooks.h b/src/libcharon/sa/authenticators/eap/sim_hooks.h new file mode 100644 index 000000000..0a675e4ab --- /dev/null +++ b/src/libcharon/sa/authenticators/eap/sim_hooks.h 
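Review bot: get_quintuplet reports the RES length through a signed `int *res_len`, and the comment states neither the allowed range nor whether the value is written on FAILED or INVALID_STATE. `char res[AKA_RES_MAX]` is only a pointer in C, so nothing enforces the buffer size, and a caller that copies `*res_len` bytes depends entirely on the card implementation. I would document the bound, for example `@param res_len number of bytes written to res, at most AKA_RES_MAX, set only on SUCCESS`, which also fixes the `nubmer` typo. Callers should then reject a negative or oversized value before using `res`.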
@@ -0,0 +1,53 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup sim_hooks sim_hooks + * @{ @ingroup eap + */ + +#ifndef SIM_HOOKS_H_ +#define SIM_HOOKS_H_ + +typedef struct sim_hooks_t sim_hooks_t; + +/** + * Additional hooks invoked during EAP-SIM/AKA message processing. + */ +struct sim_hooks_t { + + /** + * SIM/AKA message parsing. + * + * As a SIM/AKA optionally contains encrypted attributes, the hook + * might get invoked twice, once before and once after decryption. + * + * @param message SIM/AKA message + * @param inbound TRUE for incoming messages, FALSE for outgoing + * @param decrypted TRUE if AT_ENCR_DATA has been decrypted + */ + void (*message)(sim_hooks_t *this, simaka_message_t *message, + bool inbound, bool decrypted); + + /** + * SIM/AKA encryption/authentication key hooks. + * + * @param k_encr derived SIM/AKA encryption key k_encr + * @param k_auth derived SIM/AKA authentication key k_auth + */ + void (*keys)(sim_hooks_t *this, chunk_t k_encr, chunk_t k_auth); +}; + +#endif /** SIM_HOOKS_H_ @}*/ diff --git a/src/libcharon/sa/authenticators/eap/sim_manager.c b/src/libcharon/sa/authenticators/eap/sim_manager.c index 157865083..9ccaf5298 100644 --- a/src/libcharon/sa/authenticators/eap/sim_manager.c +++ b/src/libcharon/sa/authenticators/eap/sim_manager.c 
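Review bot: The `keys` hook hands the derived `k_encr` and `k_auth` to every registered sim_hooks_t, but its comment does not say who owns the two chunks or how long they remain valid. Because this is key material, the contract should be written down. If the intent is that the chunks are borrowed, add a sentence such as `The chunks are only valid during the call; implementations must copy what they need and wipe their copy when done.` A remark that the hook exists for testing or inspection, and that the keys should not be written to logs, would also help whoever adds the next hook.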
@@ -17,6 +17,7 @@ #include <daemon.h> #include <utils/linked_list.h> +#include <threading/rwlock.h> typedef struct private_sim_manager_t private_sim_manager_t; 
@@ -44,65 +45,67 @@ struct private_sim_manager_t { * list of added hooks */ linked_list_t *hooks; + + /** + * lock for lists above + */ + rwlock_t *lock; }; -/** - * Implementation of sim_manager_t.add_card - */ -static void add_card(private_sim_manager_t *this, sim_card_t *card) +METHOD(sim_manager_t, add_card, void, + private_sim_manager_t *this, sim_card_t *card) { + this->lock->write_lock(this->lock); this->cards->insert_last(this->cards, card); + this->lock->unlock(this->lock); } -/** - * Implementation of sim_manager_t.remove_card - */ -static void remove_card(private_sim_manager_t *this, sim_card_t *card) +METHOD(sim_manager_t, remove_card, void, + private_sim_manager_t *this, sim_card_t *card) { + this->lock->write_lock(this->lock); this->cards->remove(this->cards, card, NULL); + this->lock->unlock(this->lock); } -/** - * Implementation of sim_manager_t.card_get_triplet - */ -static bool card_get_triplet(private_sim_manager_t *this, identification_t *id, - char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], - char kc[SIM_KC_LEN]) +METHOD(sim_manager_t, card_get_triplet, bool, + private_sim_manager_t *this, identification_t *id, + char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]) { enumerator_t *enumerator; sim_card_t *card; int tried = 0; + this->lock->read_lock(this->lock); enumerator = this->cards->create_enumerator(this->cards); while (enumerator->enumerate(enumerator, &card)) { if (card->get_triplet(card, id, rand, sres, kc)) { enumerator->destroy(enumerator); + this->lock->unlock(this->lock); return TRUE; } tried++; } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); DBG1(DBG_IKE, "tried %d SIM cards, but none has triplets for '%Y'", tried, id); return FALSE; } -/** - * Implementation of sim_manager_t.card_get_quintuplet - */ -static status_t card_get_quintuplet(private_sim_manager_t *this, - identification_t *id, char rand[AKA_RAND_LEN], - char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], - char ik[AKA_IK_LEN], char 
res[AKA_RES_MAX], - int *res_len) +METHOD(sim_manager_t, card_get_quintuplet, status_t, + private_sim_manager_t *this, identification_t *id, char rand[AKA_RAND_LEN], + char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], + char res[AKA_RES_MAX], int *res_len) { enumerator_t *enumerator; sim_card_t *card; status_t status = NOT_FOUND; int tried = 0; + this->lock->read_lock(this->lock); enumerator = this->cards->create_enumerator(this->cards); while (enumerator->enumerate(enumerator, &card)) { @@ -112,6 +115,7 @@ static status_t card_get_quintuplet(private_sim_manager_t *this, case SUCCESS: case INVALID_STATE: enumerator->destroy(enumerator); + this->lock->unlock(this->lock); return status; case NOT_SUPPORTED: case FAILED: 
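Review bot: The read lock taken in card_get_triplet stays held while `card->get_triplet()` runs, yet the new `lock` member is documented only as `lock for lists above`. If a card, provider or hook implementation calls add_card/remove_card (or the provider and hook equivalents) on this manager from inside a callback, `write_lock` is requested by a thread that already holds the read lock, which presumably never returns; the re-entrancy behaviour of rwlock_t is not shown here. I would extend the member comment to `lock for lists above; held for reading while card/provider/hook callbacks run, so callbacks must not add or remove entries`. The same applies to the later hunks that wrap the remaining card, provider and hook enumerations; card_get_quintuplet starts in this hunk and continues in the next.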
@@ -121,62 +125,62 @@ static status_t card_get_quintuplet(private_sim_manager_t *this, } } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); DBG1(DBG_IKE, "tried %d SIM cards, but none has quintuplets for '%Y'", tried, id); return status; } -/** - * Implementation of sim_manager_t.card_resync - */ -static bool card_resync(private_sim_manager_t *this, identification_t *id, - char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]) +METHOD(sim_manager_t, card_resync, bool, + private_sim_manager_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]) { enumerator_t *enumerator; sim_card_t *card; + this->lock->read_lock(this->lock); enumerator = this->cards->create_enumerator(this->cards); while (enumerator->enumerate(enumerator, &card)) { if (card->resync(card, id, rand, auts)) { enumerator->destroy(enumerator); + this->lock->unlock(this->lock); return TRUE; } } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); return FALSE; } -/** - * Implementation of sim_manager_t.card_set_pseudonym - */ -static void card_set_pseudonym(private_sim_manager_t *this, - identification_t *id, identification_t *pseudonym) +METHOD(sim_manager_t, card_set_pseudonym, void, + private_sim_manager_t *this, identification_t *id, + identification_t *pseudonym) { enumerator_t *enumerator; sim_card_t *card; DBG1(DBG_IKE, "storing pseudonym '%Y' for '%Y'", pseudonym, id); + this->lock->read_lock(this->lock); enumerator = this->cards->create_enumerator(this->cards); while (enumerator->enumerate(enumerator, &card)) { card->set_pseudonym(card, id, pseudonym); } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); } -/** - * Implementation of sim_manager_t.card_get_pseudonym - */ -static identification_t* card_get_pseudonym(private_sim_manager_t *this, - identification_t *id) +METHOD(sim_manager_t, card_get_pseudonym, identification_t*, + private_sim_manager_t *this, identification_t *id) { enumerator_t *enumerator; sim_card_t *card; 
identification_t *pseudonym = NULL; + this->lock->read_lock(this->lock); enumerator = this->cards->create_enumerator(this->cards); while (enumerator->enumerate(enumerator, &card)) { @@ -189,15 +193,13 @@ static identification_t* card_get_pseudonym(private_sim_manager_t *this, } } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); return pseudonym; } -/** - * Implementation of sim_manager_t.card_set_reauth - */ -static void card_set_reauth(private_sim_manager_t *this, identification_t *id, - identification_t *next, char mk[HASH_SIZE_SHA1], - u_int16_t counter) +METHOD(sim_manager_t, card_set_reauth, void, + private_sim_manager_t *this, identification_t *id, identification_t *next, + char mk[HASH_SIZE_SHA1], u_int16_t counter) { enumerator_t *enumerator; sim_card_t *card; @@ -205,25 +207,25 @@ static void card_set_reauth(private_sim_manager_t *this, identification_t *id, DBG1(DBG_IKE, "storing next reauthentication identity '%Y' for '%Y'", next, id); + this->lock->read_lock(this->lock); enumerator = this->cards->create_enumerator(this->cards); while (enumerator->enumerate(enumerator, &card)) { card->set_reauth(card, id, next, mk, counter); } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); } -/** - * Implementation of sim_manager_t.card_get_reauth - */ -static identification_t* card_get_reauth(private_sim_manager_t *this, - identification_t *id, char mk[HASH_SIZE_SHA1], - u_int16_t *counter) +METHOD(sim_manager_t, card_get_reauth, identification_t*, + private_sim_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1], + u_int16_t *counter) { enumerator_t *enumerator; sim_card_t *card; identification_t *reauth = NULL; + this->lock->read_lock(this->lock); enumerator = this->cards->create_enumerator(this->cards); while (enumerator->enumerate(enumerator, &card)) { 
@@ -236,66 +238,63 @@ static identification_t* card_get_reauth(private_sim_manager_t *this, } } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); return reauth; } -/** - * Implementation of sim_manager_t.add_provider - */ -static void add_provider(private_sim_manager_t *this, sim_provider_t *provider) +METHOD(sim_manager_t, add_provider, void, + private_sim_manager_t *this, sim_provider_t *provider) { + this->lock->write_lock(this->lock); this->providers->insert_last(this->providers, provider); + this->lock->unlock(this->lock); } -/** - * Implementation of sim_manager_t.remove_provider - */ -static void remove_provider(private_sim_manager_t *this, - sim_provider_t *provider) +METHOD(sim_manager_t, remove_provider, void, + private_sim_manager_t *this, sim_provider_t *provider) { + this->lock->write_lock(this->lock); this->providers->remove(this->providers, provider, NULL); + this->lock->unlock(this->lock); } -/** - * Implementation of sim_manager_t.provider_get_triplet - */ -static bool provider_get_triplet(private_sim_manager_t *this, - identification_t *id, char rand[SIM_RAND_LEN], - char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]) +METHOD(sim_manager_t, provider_get_triplet, bool, + private_sim_manager_t *this, identification_t *id, char rand[SIM_RAND_LEN], + char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]) { enumerator_t *enumerator; sim_provider_t *provider; int tried = 0; + this->lock->read_lock(this->lock); enumerator = this->providers->create_enumerator(this->providers); while (enumerator->enumerate(enumerator, &provider)) { if (provider->get_triplet(provider, id, rand, sres, kc)) { enumerator->destroy(enumerator); + this->lock->unlock(this->lock); return TRUE; } tried++; } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); DBG1(DBG_IKE, "tried %d SIM providers, but none had a triplet for '%Y'", tried, id); return FALSE; } -/** - * Implementation of sim_manager_t.provider_get_quintuplet - */ -static bool 
provider_get_quintuplet(private_sim_manager_t *this, - identification_t *id, char rand[AKA_RAND_LEN], - char xres[AKA_RES_MAX], int *xres_len, - char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], - char autn[AKA_AUTN_LEN]) +METHOD(sim_manager_t, provider_get_quintuplet, bool, + private_sim_manager_t *this, identification_t *id, char rand[AKA_RAND_LEN], + char xres[AKA_RES_MAX], int *xres_len, char ck[AKA_CK_LEN], + char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]) { enumerator_t *enumerator; sim_provider_t *provider; int tried = 0; + this->lock->read_lock(this->lock); enumerator = this->providers->create_enumerator(this->providers); while (enumerator->enumerate(enumerator, &provider)) { 
@@ -303,47 +302,48 @@ static bool provider_get_quintuplet(private_sim_manager_t *this, ck, ik, autn)) { enumerator->destroy(enumerator); + this->lock->unlock(this->lock); return TRUE; } } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); DBG1(DBG_IKE, "tried %d SIM providers, but none had a quintuplet for '%Y'", tried, id); return FALSE; } -/** - * Implementation of sim_manager_t.provider_resync - */ -static bool provider_resync(private_sim_manager_t *this, identification_t *id, - char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]) +METHOD(sim_manager_t, provider_resync, bool, + private_sim_manager_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]) { enumerator_t *enumerator; sim_provider_t *provider; + this->lock->read_lock(this->lock); enumerator = this->providers->create_enumerator(this->providers); while (enumerator->enumerate(enumerator, &provider)) { if (provider->resync(provider, id, rand, auts)) { enumerator->destroy(enumerator); + this->lock->unlock(this->lock); return TRUE; } } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); return FALSE; } -/** - * Implementation of sim_manager_t.provider_is_pseudonym - */ -static identification_t* provider_is_pseudonym(private_sim_manager_t *this, - identification_t *id) +METHOD(sim_manager_t, provider_is_pseudonym, identification_t*, + private_sim_manager_t *this, identification_t *id) { enumerator_t *enumerator; sim_provider_t *provider; identification_t *permanent = NULL; + this->lock->read_lock(this->lock); enumerator = this->providers->create_enumerator(this->providers); while (enumerator->enumerate(enumerator, &provider)) { 
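Review bot: `tried` in provider_get_quintuplet is never incremented: in this hunk the `if` block that returns TRUE is followed directly by the closing brace of the `while` loop. The `tried %d SIM providers, but none had a quintuplet for '%Y'` message therefore always reports 0, which is misleading when diagnosing a failed AKA authentication. provider_get_triplet has `tried++;` at the matching spot; adding the same statement after the `if` block here would fix it. The start of the function, including the `int tried = 0;` declaration, lies in the previous hunk.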
@@ -356,19 +356,18 @@ static identification_t* provider_is_pseudonym(private_sim_manager_t *this, } } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); return permanent; } -/** - * Implementation of sim_manager_t.provider_gen_pseudonym - */ -static identification_t* provider_gen_pseudonym(private_sim_manager_t *this, - identification_t *id) +METHOD(sim_manager_t, provider_gen_pseudonym, identification_t*, + private_sim_manager_t *this, identification_t *id) { enumerator_t *enumerator; sim_provider_t *provider; identification_t *pseudonym = NULL; + this->lock->read_lock(this->lock); enumerator = this->providers->create_enumerator(this->providers); while (enumerator->enumerate(enumerator, &provider)) { @@ -380,20 +379,19 @@ static identification_t* provider_gen_pseudonym(private_sim_manager_t *this, } } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); return pseudonym; } -/** - * Implementation of sim_manager_t.provider_is_reauth - */ -static identification_t* provider_is_reauth(private_sim_manager_t *this, - identification_t *id, char mk[HASH_SIZE_SHA1], - u_int16_t *counter) +METHOD(sim_manager_t, provider_is_reauth, identification_t*, + private_sim_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1], + u_int16_t *counter) { enumerator_t *enumerator; sim_provider_t *provider; identification_t *permanent = NULL; + this->lock->read_lock(this->lock); enumerator = this->providers->create_enumerator(this->providers); while (enumerator->enumerate(enumerator, &provider)) { 
@@ -406,19 +404,18 @@ static identification_t* provider_is_reauth(private_sim_manager_t *this, } } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); return permanent; } -/** - * Implementation of sim_manager_t.provider_gen_reauth - */ -static identification_t* provider_gen_reauth(private_sim_manager_t *this, - identification_t *id, char mk[HASH_SIZE_SHA1]) +METHOD(sim_manager_t, provider_gen_reauth, identification_t*, + private_sim_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1]) { enumerator_t *enumerator; sim_provider_t *provider; identification_t *reauth = NULL; + this->lock->read_lock(this->lock); enumerator = this->providers->create_enumerator(this->providers); while (enumerator->enumerate(enumerator, &provider)) { 
@@ -430,67 +427,66 @@ static identification_t* provider_gen_reauth(private_sim_manager_t *this, } } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); return reauth; } -/** - * Implementation of sim_manager_t.add_hooks - */ -static void add_hooks(private_sim_manager_t *this, sim_hooks_t *hooks) +METHOD(sim_manager_t, add_hooks, void, + private_sim_manager_t *this, sim_hooks_t *hooks) { + this->lock->write_lock(this->lock); this->hooks->insert_last(this->hooks, hooks); + this->lock->unlock(this->lock); } -/** - * Implementation of sim_manager_t.remove_hooks - */ -static void remove_hooks(private_sim_manager_t *this, sim_hooks_t *hooks) +METHOD(sim_manager_t, remove_hooks, void, + private_sim_manager_t *this, sim_hooks_t *hooks) { + this->lock->write_lock(this->lock); this->hooks->remove(this->hooks, hooks, NULL); + this->lock->unlock(this->lock); } -/** - * Implementation of sim_manager_t.message_hook - */ -static void message_hook(private_sim_manager_t *this, - simaka_message_t *message, bool inbound, bool decrypted) +METHOD(sim_manager_t, message_hook, void, + private_sim_manager_t *this, simaka_message_t *message, + bool inbound, bool decrypted) { enumerator_t *enumerator; sim_hooks_t *hooks; + this->lock->read_lock(this->lock); enumerator = this->hooks->create_enumerator(this->hooks); while (enumerator->enumerate(enumerator, &hooks)) { hooks->message(hooks, message, inbound, decrypted); } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); } -/** - * Implementation of sim_manager_t.key_hook - */ -static void key_hook(private_sim_manager_t *this, - chunk_t k_encr, chunk_t k_auth) +METHOD(sim_manager_t, key_hook, void, + private_sim_manager_t *this, chunk_t k_encr, chunk_t k_auth) { enumerator_t *enumerator; sim_hooks_t *hooks; + this->lock->read_lock(this->lock); enumerator = this->hooks->create_enumerator(this->hooks); while (enumerator->enumerate(enumerator, &hooks)) { hooks->keys(hooks, k_encr, k_auth); } 
enumerator->destroy(enumerator); + this->lock->unlock(this->lock); } -/** - * Implementation of sim_manager_t.destroy. - */ -static void destroy(private_sim_manager_t *this) +METHOD(sim_manager_t, destroy, void, + private_sim_manager_t *this) { this->cards->destroy(this->cards); this->providers->destroy(this->providers); this->hooks->destroy(this->hooks); + this->lock->destroy(this->lock); free(this); } 
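Review bot: `message_hook` and `key_hook` now call `hooks->message()` and `hooks->keys()` while holding the manager's read lock, so a hook that calls back into `add_hooks` or `remove_hooks` on the same manager would wait on `write_lock` behind its own read lock. Whether the rwlock tolerates that is not visible in this diff. The provider_* methods in the earlier hunks of this file take the read lock around their enumeration loops in the same way. I would state the rule next to the callbacks, e.g. `/* called with the sim_manager lock held; must not add or remove cards, providers or hooks */`, or snapshot the list under the lock and invoke the callbacks after `unlock`. Since `key_hook` passes `k_encr`/`k_auth` to every registered hook, it is also worth documenting that registering a hook grants access to derived key material.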
@@ -499,35 +495,39 @@ static void destroy(private_sim_manager_t *this) */ sim_manager_t *sim_manager_create() { - private_sim_manager_t *this = malloc_thing(private_sim_manager_t); - - this->public.add_card = (void(*)(sim_manager_t*, sim_card_t *card))add_card; - this->public.remove_card = (void(*)(sim_manager_t*, sim_card_t *card))remove_card; - this->public.card_get_triplet = (bool(*)(sim_manager_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))card_get_triplet; - this->public.card_get_quintuplet = (status_t(*)(sim_manager_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len))card_get_quintuplet; - this->public.card_resync = (bool(*)(sim_manager_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))card_resync; - this->public.card_set_pseudonym = (void(*)(sim_manager_t*, identification_t *id, identification_t *pseudonym))card_set_pseudonym; - this->public.card_get_pseudonym = (identification_t*(*)(sim_manager_t*, identification_t *id))card_get_pseudonym; - this->public.card_set_reauth = (void(*)(sim_manager_t*, identification_t *id, identification_t *next, char mk[HASH_SIZE_SHA1], u_int16_t counter))card_set_reauth; - this->public.card_get_reauth = (identification_t*(*)(sim_manager_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))card_get_reauth; - this->public.add_provider = (void(*)(sim_manager_t*, sim_provider_t *provider))add_provider; - this->public.remove_provider = (void(*)(sim_manager_t*, sim_provider_t *provider))remove_provider; - this->public.provider_get_triplet = (bool(*)(sim_manager_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))provider_get_triplet; - this->public.provider_get_quintuplet = (bool(*)(sim_manager_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, char 
ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))provider_get_quintuplet; - this->public.provider_resync = (bool(*)(sim_manager_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))provider_resync; - this->public.provider_is_pseudonym = (identification_t*(*)(sim_manager_t*, identification_t *id))provider_is_pseudonym; - this->public.provider_gen_pseudonym = (identification_t*(*)(sim_manager_t*, identification_t *id))provider_gen_pseudonym; - this->public.provider_is_reauth = (identification_t*(*)(sim_manager_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))provider_is_reauth; - this->public.provider_gen_reauth = (identification_t*(*)(sim_manager_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))provider_gen_reauth; - this->public.add_hooks = (void(*)(sim_manager_t*, sim_hooks_t *hooks))add_hooks; - this->public.remove_hooks = (void(*)(sim_manager_t*, sim_hooks_t *hooks))remove_hooks; - this->public.message_hook = (void(*)(sim_manager_t*, simaka_message_t *message, bool inbound, bool decrypted))message_hook; - this->public.key_hook = (void(*)(sim_manager_t*, chunk_t k_encr, chunk_t k_auth))key_hook; - this->public.destroy = (void(*)(sim_manager_t*))destroy; - - this->cards = linked_list_create(); - this->providers = linked_list_create(); - this->hooks = linked_list_create(); + private_sim_manager_t *this; + + INIT(this, + .public = { + .add_card = _add_card, + .remove_card = _remove_card, + .card_get_triplet = _card_get_triplet, + .card_get_quintuplet = _card_get_quintuplet, + .card_resync = _card_resync, + .card_set_pseudonym = _card_set_pseudonym, + .card_get_pseudonym = _card_get_pseudonym, + .card_set_reauth = _card_set_reauth, + .card_get_reauth = _card_get_reauth, + .add_provider = _add_provider, + .remove_provider = _remove_provider, + .provider_get_triplet = _provider_get_triplet, + .provider_get_quintuplet = _provider_get_quintuplet, + .provider_resync = _provider_resync, + .provider_is_pseudonym = 
_provider_is_pseudonym, + .provider_gen_pseudonym = _provider_gen_pseudonym, + .provider_is_reauth = _provider_is_reauth, + .provider_gen_reauth = _provider_gen_reauth, + .add_hooks = _add_hooks, + .remove_hooks = _remove_hooks, + .message_hook = _message_hook, + .key_hook = _key_hook, + .destroy = _destroy, + }, + .cards = linked_list_create(), + .providers = linked_list_create(), + .hooks = linked_list_create(), + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + ); return &this->public; } diff --git a/src/libcharon/sa/authenticators/eap/sim_manager.h b/src/libcharon/sa/authenticators/eap/sim_manager.h index 9aa661ac8..db4a65011 100644 --- a/src/libcharon/sa/authenticators/eap/sim_manager.h +++ b/src/libcharon/sa/authenticators/eap/sim_manager.h @@ -27,9 +27,6 @@ #include <sa/authenticators/eap/eap_method.h> typedef struct sim_manager_t sim_manager_t; -typedef struct sim_card_t sim_card_t; -typedef struct sim_provider_t sim_provider_t; -typedef struct sim_hooks_t sim_hooks_t; /** implemented in libsimaka, but we need it for the message hook */ typedef struct simaka_message_t simaka_message_t; 
@@ -45,229 +42,9 @@ typedef struct simaka_message_t simaka_message_t; #define AKA_AUTN_LEN 16 #define AKA_AUTS_LEN 14 -/** - * Interface for a (U)SIM card (used as EAP client). - * - * The SIM card completes triplets/quintuplets requested in a challenge - * received from the server. - * An implementation supporting only one of SIM/AKA authentication may - * implement the other methods with return_false()/return NOT_SUPPORTED/NULL. - */ -struct sim_card_t { - - /** - * Calculate SRES/KC from a RAND for SIM authentication. - * - * @param id permanent identity to get a triplet for - * @param rand RAND input buffer, fixed size 16 bytes - * @param sres SRES output buffer, fixed size 4 byte - * @param kc KC output buffer, fixed size 8 bytes - * @return TRUE if SRES/KC calculated, FALSE on error/wrong identity - */ - bool (*get_triplet)(sim_card_t *this, identification_t *id, - char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], - char kc[SIM_KC_LEN]); - - /** - * Calculate CK/IK/RES from RAND/AUTN for AKA authentication. - * - * If the received sequence number (in autn) is out of sync, INVALID_STATE - * is returned. - * The RES value is the only one with variable length. Pass a buffer - * of at least AKA_RES_MAX, the actual number of bytes is written to the - * res_len value. While the standard would allow any bit length between - * 32 and 128 bits, we support only full bytes for now. 
- * - * @param id permanent identity to request quintuplet for - * @param rand random value rand - * @param autn authentication token autn - * @param ck buffer receiving encryption key ck - * @param ik buffer receiving integrity key ik - * @param res buffer receiving authentication result res - * @param res_len nubmer of bytes written to res buffer - * @return SUCCESS, FAILED, or INVALID_STATE if out of sync - */ - status_t (*get_quintuplet)(sim_card_t *this, identification_t *id, - char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], - char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], - char res[AKA_RES_MAX], int *res_len); - - /** - * Calculate AUTS from RAND for AKA resynchronization. - * - * @param id permanent identity to request quintuplet for - * @param rand random value rand - * @param auts resynchronization parameter auts - * @return TRUE if parameter generated successfully - */ - bool (*resync)(sim_card_t *this, identification_t *id, - char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]); - - /** - * Set the pseudonym to use for next authentication. - * - * @param id permanent identity of the peer - * @param pseudonym pseudonym identity received from the server - */ - void (*set_pseudonym)(sim_card_t *this, identification_t *id, - identification_t *pseudonym); - - /** - * Get the pseudonym previously stored via set_pseudonym(). - * - * @param id permanent identity of the peer - * @return associated pseudonym identity, NULL if none stored - */ - identification_t* (*get_pseudonym)(sim_card_t *this, identification_t *id); - - /** - * Store parameters to use for the next fast reauthentication. 
- * - * @param id permanent identity of the peer - * @param next next fast reauthentication identity to use - * @param mk master key MK to store for reauthentication - * @param counter counter value to store, host order - */ - void (*set_reauth)(sim_card_t *this, identification_t *id, - identification_t *next, char mk[HASH_SIZE_SHA1], - u_int16_t counter); - - /** - * Retrieve parameters for fast reauthentication stored via set_reauth(). - * - * @param id permanent identity of the peer - * @param mk buffer receiving master key MK - * @param counter pointer receiving counter value, in host order - * @return fast reauthentication identity, NULL if not found - */ - identification_t* (*get_reauth)(sim_card_t *this, identification_t *id, - char mk[HASH_SIZE_SHA1], u_int16_t *counter); -}; - -/** - * Interface for a triplet/quintuplet provider (used as EAP server). - * - * A SIM provider hands out triplets for SIM authentication and quintuplets - * for AKA authentication. Multiple SIM provider instances can serve as - * authentication backend to authenticate clients using SIM/AKA. - * An implementation supporting only one of SIM/AKA authentication may - * implement the other methods with return_false(). - */ -struct sim_provider_t { - - /** - * Create a challenge for SIM authentication. - * - * @param id permanent identity of peer to gen triplet for - * @param rand RAND output buffer, fixed size 16 bytes - * @param sres SRES output buffer, fixed size 4 byte - * @param kc KC output buffer, fixed size 8 bytes - * @return TRUE if triplet received, FALSE otherwise - */ - bool (*get_triplet)(sim_provider_t *this, identification_t *id, - char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], - char kc[SIM_KC_LEN]); - - /** - * Create a challenge for AKA authentication. - * - * The XRES value is the only one with variable length. Pass a buffer - * of at least AKA_RES_MAX, the actual number of bytes is written to the - * xres_len value. 
While the standard would allow any bit length between - * 32 and 128 bits, we support only full bytes for now. - * - * @param id permanent identity of peer to create challenge for - * @param rand buffer receiving random value rand - * @param xres buffer receiving expected authentication result xres - * @param xres_len nubmer of bytes written to xres buffer - * @param ck buffer receiving encryption key ck - * @param ik buffer receiving integrity key ik - * @param autn authentication token autn - * @return TRUE if quintuplet generated successfully - */ - bool (*get_quintuplet)(sim_provider_t *this, identification_t *id, - char rand[AKA_RAND_LEN], - char xres[AKA_RES_MAX], int *xres_len, - char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], - char autn[AKA_AUTN_LEN]); - - /** - * Process AKA resynchroniusation request of a peer. - * - * @param id permanent identity of peer requesting resynchronisation - * @param rand random value rand - * @param auts synchronization parameter auts - * @return TRUE if resynchronized successfully - */ - bool (*resync)(sim_provider_t *this, identification_t *id, - char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]); - - /** - * Check if peer uses a pseudonym, get permanent identity. - * - * @param id pseudonym identity candidate - * @return permanent identity, NULL if id not a pseudonym - */ - identification_t* (*is_pseudonym)(sim_provider_t *this, - identification_t *id); - - /** - * Generate a pseudonym identitiy for a given peer identity. - * - * @param id permanent identity to generate a pseudonym for - * @return generated pseudonym, NULL to not use a pseudonym identity - */ - identification_t* (*gen_pseudonym)(sim_provider_t *this, - identification_t *id); - - /** - * Check if peer uses reauthentication, retrieve reauth parameters. 
- * - * @param id reauthentication identity (candidate) - * @param mk buffer receiving master key MK - * @param counter pointer receiving current counter value, host order - * @return permanent identity, NULL if id not a reauth identity - */ - identification_t* (*is_reauth)(sim_provider_t *this, identification_t *id, - char mk[HASH_SIZE_SHA1], u_int16_t *counter); - - /** - * Generate a fast reauthentication identity, associated to a master key. - * - * @param id permanent peer identity - * @param mk master key to store along with generated identity - * @return fast reauthentication identity, NULL to not use reauth - */ - identification_t* (*gen_reauth)(sim_provider_t *this, identification_t *id, - char mk[HASH_SIZE_SHA1]); -}; - -/** - * Additional hooks invoked during EAP-SIM/AKA message processing. - */ -struct sim_hooks_t { - - /** - * SIM/AKA message parsing. - * - * As a SIM/AKA optionally contains encrypted attributes, the hook - * might get invoked twice, once before and once after decryption. - * - * @param message SIM/AKA message - * @param inbound TRUE for incoming messages, FALSE for outgoing - * @param decrypted TRUE if AT_ENCR_DATA has been decrypted - */ - void (*message)(sim_hooks_t *this, simaka_message_t *message, - bool inbound, bool decrypted); - - /** - * SIM/AKA encryption/authentication key hooks. - * - * @param k_encr derived SIM/AKA encryption key k_encr - * @param k_auth derived SIM/AKA authentication key k_auth - */ - void (*keys)(sim_hooks_t *this, chunk_t k_encr, chunk_t k_auth); -}; +#include <sa/authenticators/eap/sim_card.h> +#include <sa/authenticators/eap/sim_provider.h> +#include <sa/authenticators/eap/sim_hooks.h> /** * The SIM manager handles multiple (U)SIM cards/providers and hooks. diff --git a/src/libcharon/sa/authenticators/eap/sim_provider.h b/src/libcharon/sa/authenticators/eap/sim_provider.h new file mode 100644 index 000000000..191e094db --- /dev/null +++ b/src/libcharon/sa/authenticators/eap/sim_provider.h 
@@ -0,0 +1,124 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup sim_provider sim_provider + * @{ @ingroup eap + */ + +#ifndef SIM_PROVIDER_H_ +#define SIM_PROVIDER_H_ + +typedef struct sim_provider_t sim_provider_t; + +/** + * Interface for a triplet/quintuplet provider (used as EAP server). + * + * A SIM provider hands out triplets for SIM authentication and quintuplets + * for AKA authentication. Multiple SIM provider instances can serve as + * authentication backend to authenticate clients using SIM/AKA. + * An implementation supporting only one of SIM/AKA authentication may + * implement the other methods with return_false(). + */ +struct sim_provider_t { + + /** + * Create a challenge for SIM authentication. + * + * @param id permanent identity of peer to gen triplet for + * @param rand RAND output buffer, fixed size 16 bytes + * @param sres SRES output buffer, fixed size 4 byte + * @param kc KC output buffer, fixed size 8 bytes + * @return TRUE if triplet received, FALSE otherwise + */ + bool (*get_triplet)(sim_provider_t *this, identification_t *id, + char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], + char kc[SIM_KC_LEN]); + + /** + * Create a challenge for AKA authentication. + * + * The XRES value is the only one with variable length. Pass a buffer + * of at least AKA_RES_MAX, the actual number of bytes is written to the + * xres_len value. 
While the standard would allow any bit length between + * 32 and 128 bits, we support only full bytes for now. + * + * @param id permanent identity of peer to create challenge for + * @param rand buffer receiving random value rand + * @param xres buffer receiving expected authentication result xres + * @param xres_len nubmer of bytes written to xres buffer + * @param ck buffer receiving encryption key ck + * @param ik buffer receiving integrity key ik + * @param autn authentication token autn + * @return TRUE if quintuplet generated successfully + */ + bool (*get_quintuplet)(sim_provider_t *this, identification_t *id, + char rand[AKA_RAND_LEN], + char xres[AKA_RES_MAX], int *xres_len, + char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], + char autn[AKA_AUTN_LEN]); + + /** + * Process AKA resynchroniusation request of a peer. + * + * @param id permanent identity of peer requesting resynchronisation + * @param rand random value rand + * @param auts synchronization parameter auts + * @return TRUE if resynchronized successfully + */ + bool (*resync)(sim_provider_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]); + + /** + * Check if peer uses a pseudonym, get permanent identity. + * + * @param id pseudonym identity candidate + * @return permanent identity, NULL if id not a pseudonym + */ + identification_t* (*is_pseudonym)(sim_provider_t *this, + identification_t *id); + + /** + * Generate a pseudonym identitiy for a given peer identity. + * + * @param id permanent identity to generate a pseudonym for + * @return generated pseudonym, NULL to not use a pseudonym identity + */ + identification_t* (*gen_pseudonym)(sim_provider_t *this, + identification_t *id); + + /** + * Check if peer uses reauthentication, retrieve reauth parameters. 
+ * + * @param id reauthentication identity (candidate) + * @param mk buffer receiving master key MK + * @param counter pointer receiving current counter value, host order + * @return permanent identity, NULL if id not a reauth identity + */ + identification_t* (*is_reauth)(sim_provider_t *this, identification_t *id, + char mk[HASH_SIZE_SHA1], u_int16_t *counter); + + /** + * Generate a fast reauthentication identity, associated to a master key. + * + * @param id permanent peer identity + * @param mk master key to store along with generated identity + * @return fast reauthentication identity, NULL to not use reauth + */ + identification_t* (*gen_reauth)(sim_provider_t *this, identification_t *id, + char mk[HASH_SIZE_SHA1]); +}; + +#endif /** SIM_CARD_H_ @}*/ diff --git a/src/libcharon/sa/authenticators/eap_authenticator.c b/src/libcharon/sa/authenticators/eap_authenticator.c index a5268e186..d442acb00 100644 --- a/src/libcharon/sa/authenticators/eap_authenticator.c +++ b/src/libcharon/sa/authenticators/eap_authenticator.c @@ -58,14 +58,11 @@ struct private_eap_authenticator_t { chunk_t sent_init; /** -<<<<<<< HEAD -======= * Reserved bytes of ID payload */ char reserved[3]; /** ->>>>>>> upstream/4.5.1 * Current EAP method processing */ eap_method_t *method; @@ -186,16 +183,18 @@ static eap_payload_t* server_initiate_eap(private_eap_authenticator_t *this, if (this->method) { action = "initiating"; + type = this->method->get_type(this->method, &vendor); if (this->method->initiate(this->method, &out) == NEED_MORE) { if (vendor) { - DBG1(DBG_IKE, "initiating EAP vendor type %d-%d method", - type, vendor); + DBG1(DBG_IKE, "initiating EAP vendor type %d-%d method (id 0x%02X)", + type, vendor, out->get_identifier(out)); } else { - DBG1(DBG_IKE, "initiating %N method", eap_type_names, type); + DBG1(DBG_IKE, "initiating %N method (id 0x%02X)", eap_type_names, + type, out->get_identifier(out)); } return out; } 
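Review bot: The new `sim_provider.h` is not self-contained: it uses `identification_t`, `bool`, `u_int16_t`, `SIM_RAND_LEN`, `AKA_RES_MAX`, `HASH_SIZE_SHA1` and the other length macros without including or defining any of them. It compiles only because the sim_manager.h hunk places the `#include` after that header's `#define` block, so a direct include from another file would fail. Either move the length macros into a header that `sim_provider.h` includes itself, or add a comment at the top such as `/* do not include directly, use sa/authenticators/eap/sim_manager.h */`. The closing guard comment also names the wrong header and should read `#endif /** SIM_PROVIDER_H_ @}*/`.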
@@ -374,13 +373,13 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this, { if (vendor) { - DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%d", - type, vendor); + DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%d ", + "(id 0x%02X)", type, vendor, in->get_identifier(in)); } else { - DBG1(DBG_IKE, "server requested %N authentication", - eap_type_names, type); + DBG1(DBG_IKE, "server requested %N authentication (id 0x%02X)", + eap_type_names, type, in->get_identifier(in)); } this->method = load_method(this, type, vendor, EAP_PEER); if (!this->method) @@ -430,11 +429,7 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message, other_id = this->ike_sa->get_other_id(this->ike_sa); keymat = this->ike_sa->get_keymat(this->ike_sa); auth_data = keymat->get_psk_sig(keymat, TRUE, init, nonce, -<<<<<<< HEAD - this->msk, other_id); -======= this->msk, other_id, this->reserved); ->>>>>>> upstream/4.5.1 recv_auth_data = auth_payload->get_data(auth_payload); if (!auth_data.len || !chunk_equals(auth_data, recv_auth_data)) { @@ -470,12 +465,8 @@ static void build_auth(private_eap_authenticator_t *this, message_t *message, DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N", my_id, auth_class_names, AUTH_CLASS_EAP); -<<<<<<< HEAD - auth_data = keymat->get_psk_sig(keymat, FALSE, init, nonce, this->msk, my_id); -======= auth_data = keymat->get_psk_sig(keymat, FALSE, init, nonce, this->msk, my_id, this->reserved); ->>>>>>> upstream/4.5.1 auth_payload = auth_payload_create(); auth_payload->set_auth_method(auth_payload, AUTH_PSK); auth_payload->set_data(auth_payload, auth_data); 
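Review bot: In the vendor branch of `client_process_eap` there is a stray comma after the first string literal, so `"(id 0x%02X)"` is passed as the first variadic argument instead of being concatenated into the format string. The format then reads a `char*` for the first `%d` and `type` for the second, which is undefined behaviour for a mismatched conversion, and the vendor and identifier values are never printed. This path is reached with a type and vendor taken from the server's request, so it should be fixed rather than left as a cosmetic log issue. Drop the comma so the literals concatenate: `DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%d "` followed by `"(id 0x%02X)", type, vendor, in->get_identifier(in));`. The function body continues outside the hunk.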
@@ -659,12 +650,8 @@ METHOD(authenticator_t, destroy, void, */ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_nonce, -<<<<<<< HEAD - chunk_t received_init, chunk_t sent_init) -======= chunk_t received_init, chunk_t sent_init, char reserved[3]) ->>>>>>> upstream/4.5.1 { private_eap_authenticator_t *this; @@ -683,10 +670,7 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, .sent_init = sent_init, .sent_nonce = sent_nonce, ); -<<<<<<< HEAD -======= memcpy(this->reserved, reserved, sizeof(this->reserved)); ->>>>>>> upstream/4.5.1 return &this->public; } @@ -696,12 +680,8 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, */ eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_nonce, -<<<<<<< HEAD - chunk_t received_init, chunk_t sent_init) -======= chunk_t received_init, chunk_t sent_init, char reserved[3]) ->>>>>>> upstream/4.5.1 { private_eap_authenticator_t *this; @@ -720,10 +700,7 @@ eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa, .sent_init = sent_init, .sent_nonce = sent_nonce, ); -<<<<<<< HEAD -======= memcpy(this->reserved, reserved, sizeof(this->reserved)); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/sa/authenticators/eap_authenticator.h b/src/libcharon/sa/authenticators/eap_authenticator.h index 625084d4f..726411a18 100644 --- a/src/libcharon/sa/authenticators/eap_authenticator.h +++ b/src/libcharon/sa/authenticators/eap_authenticator.h 
@@ -75,20 +75,13 @@ struct eap_authenticator_t { * @param sent_nonce nonce sent in IKE_SA_INIT * @param received_init received IKE_SA_INIT message data * @param sent_init sent IKE_SA_INIT message data -<<<<<<< HEAD -======= * @param reserved reserved bytes of ID payload ->>>>>>> upstream/4.5.1 * @return EAP authenticator */ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_nonce, -<<<<<<< HEAD - chunk_t received_init, chunk_t sent_init); -======= chunk_t received_init, chunk_t sent_init, char reserved[3]); ->>>>>>> upstream/4.5.1 /** * Create an authenticator to authenticate EAP clients. @@ -98,19 +91,12 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, * @param sent_nonce nonce sent in IKE_SA_INIT * @param received_init received IKE_SA_INIT message data * @param sent_init sent IKE_SA_INIT message data -<<<<<<< HEAD -======= * @param reserved reserved bytes of ID payload ->>>>>>> upstream/4.5.1 * @return EAP authenticator */ eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_nonce, -<<<<<<< HEAD - chunk_t received_init, chunk_t sent_init); -======= chunk_t received_init, chunk_t sent_init, char reserved[3]); ->>>>>>> upstream/4.5.1 #endif /** EAP_AUTHENTICATOR_H_ @}*/ diff --git a/src/libcharon/sa/authenticators/psk_authenticator.c b/src/libcharon/sa/authenticators/psk_authenticator.c index 9789ec93b..21fc0f9b8 100644 --- a/src/libcharon/sa/authenticators/psk_authenticator.c +++ b/src/libcharon/sa/authenticators/psk_authenticator.c @@ -45,14 +45,6 @@ struct private_psk_authenticator_t { * IKE_SA_INIT message data to include in AUTH calculation */ chunk_t ike_sa_init; -<<<<<<< HEAD -}; - -/* - * Implementation of authenticator_t.build for builder - */ -static status_t build(private_psk_authenticator_t *this, message_t *message) -======= /** * Reserved bytes of ID payload 
@@ -62,7 +54,6 @@ static status_t build(private_psk_authenticator_t *this, message_t *message) METHOD(authenticator_t, build, status_t, private_psk_authenticator_t *this, message_t *message) ->>>>>>> upstream/4.5.1 { identification_t *my_id, *other_id; auth_payload_t *auth_payload; @@ -82,11 +73,7 @@ METHOD(authenticator_t, build, status_t, return NOT_FOUND; } auth_data = keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, -<<<<<<< HEAD - this->nonce, key->get_key(key), my_id); -======= this->nonce, key->get_key(key), my_id, this->reserved); ->>>>>>> upstream/4.5.1 key->destroy(key); DBG2(DBG_IKE, "successfully created shared key MAC"); auth_payload = auth_payload_create(); @@ -98,15 +85,8 @@ METHOD(authenticator_t, build, status_t, return SUCCESS; } -<<<<<<< HEAD -/** - * Implementation of authenticator_t.process for verifier - */ -static status_t process(private_psk_authenticator_t *this, message_t *message) -======= METHOD(authenticator_t, process, status_t, private_psk_authenticator_t *this, message_t *message) ->>>>>>> upstream/4.5.1 { chunk_t auth_data, recv_auth_data; identification_t *my_id, *other_id; @@ -134,11 +114,7 @@ METHOD(authenticator_t, process, status_t, keys_found++; auth_data = keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init, -<<<<<<< HEAD - this->nonce, key->get_key(key), other_id); -======= this->nonce, key->get_key(key), other_id, this->reserved); ->>>>>>> upstream/4.5.1 if (auth_data.len && chunk_equals(auth_data, recv_auth_data)) { DBG1(DBG_IKE, "authentication of '%Y' with %N successful", 
@@ -166,24 +142,8 @@ METHOD(authenticator_t, process, status_t, return SUCCESS; } -<<<<<<< HEAD -/** - * Implementation of authenticator_t.process for builder - * Implementation of authenticator_t.build for verifier - */ -static status_t return_failed() -{ - return FAILED; -} - -/** - * Implementation of authenticator_t.destroy. - */ -static void destroy(private_psk_authenticator_t *this) -======= METHOD(authenticator_t, destroy, void, private_psk_authenticator_t *this) ->>>>>>> upstream/4.5.1 { free(this); } @@ -192,20 +152,6 @@ METHOD(authenticator_t, destroy, void, * Described in header. */ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, -<<<<<<< HEAD - chunk_t received_nonce, chunk_t sent_init) -{ - private_psk_authenticator_t *this = malloc_thing(private_psk_authenticator_t); - - this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))build; - this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))return_failed; - this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))return_false; - this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - - this->ike_sa = ike_sa; - this->ike_sa_init = sent_init; - this->nonce = received_nonce; -======= chunk_t received_nonce, chunk_t sent_init, char reserved[3]) { @@ -225,7 +171,6 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, .nonce = received_nonce, ); memcpy(this->reserved, reserved, sizeof(this->reserved)); ->>>>>>> upstream/4.5.1 return &this->public; } 
@@ -234,20 +179,6 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, * Described in header. */ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa, -<<<<<<< HEAD - chunk_t sent_nonce, chunk_t received_init) -{ - private_psk_authenticator_t *this = malloc_thing(private_psk_authenticator_t); - - this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *messageh))return_failed; - this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process; - this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))return_false; - this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - - this->ike_sa = ike_sa; - this->ike_sa_init = received_init; - this->nonce = sent_nonce; -======= chunk_t sent_nonce, chunk_t received_init, char reserved[3]) { @@ -267,7 +198,6 @@ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa, .nonce = sent_nonce, ); memcpy(this->reserved, reserved, sizeof(this->reserved)); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/sa/authenticators/psk_authenticator.h b/src/libcharon/sa/authenticators/psk_authenticator.h index 2897c3fe2..8cf1a0f98 100644 --- a/src/libcharon/sa/authenticators/psk_authenticator.h +++ b/src/libcharon/sa/authenticators/psk_authenticator.h 
@@ -42,19 +42,12 @@ struct psk_authenticator_t { * @param ike_sa associated ike_sa * @param received_nonce nonce received in IKE_SA_INIT * @param sent_init sent IKE_SA_INIT message data -<<<<<<< HEAD - * @return PSK authenticator - */ -psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, - chunk_t received_nonce, chunk_t sent_init); -======= * @param reserved reserved bytes of ID payload * @return PSK authenticator */ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_init, char reserved[3]); ->>>>>>> upstream/4.5.1 /** * Create an authenticator to verify PSK signatures. @@ -62,18 +55,11 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, * @param ike_sa associated ike_sa * @param sent_nonce nonce sent in IKE_SA_INIT * @param received_init received IKE_SA_INIT message data -<<<<<<< HEAD - * @return PSK authenticator - */ -psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa, - chunk_t sent_nonce, chunk_t received_init); -======= * @param reserved reserved bytes of ID payload * @return PSK authenticator */ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa, chunk_t sent_nonce, chunk_t received_init, char reserved[3]); ->>>>>>> upstream/4.5.1 #endif /** PSK_AUTHENTICATOR_H_ @}*/ diff --git a/src/libcharon/sa/authenticators/pubkey_authenticator.c b/src/libcharon/sa/authenticators/pubkey_authenticator.c index 030433db0..247891670 100644 --- a/src/libcharon/sa/authenticators/pubkey_authenticator.c +++ b/src/libcharon/sa/authenticators/pubkey_authenticator.c @@ -46,14 +46,6 @@ struct private_pubkey_authenticator_t { * IKE_SA_INIT message data to include in AUTH calculation */ chunk_t ike_sa_init; -<<<<<<< HEAD -}; - -/** - * Implementation of authenticator_t.build for builder - */ -static status_t build(private_pubkey_authenticator_t *this, message_t *message) -======= /** * Reserved bytes of ID payload 
@@ -63,7 +55,6 @@ static status_t build(private_pubkey_authenticator_t *this, message_t *message) METHOD(authenticator_t, build, status_t, private_pubkey_authenticator_t *this, message_t *message) ->>>>>>> upstream/4.5.1 { chunk_t octets, auth_data; status_t status = FAILED; @@ -121,11 +112,7 @@ METHOD(authenticator_t, build, status_t, } keymat = this->ike_sa->get_keymat(this->ike_sa); octets = keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init, -<<<<<<< HEAD - this->nonce, id); -======= this->nonce, id, this->reserved); ->>>>>>> upstream/4.5.1 if (private->sign(private, scheme, octets, &auth_data)) { auth_payload = auth_payload_create(); @@ -144,15 +131,8 @@ METHOD(authenticator_t, build, status_t, return status; } -<<<<<<< HEAD -/** - * Implementation of authenticator_t.process for verifier - */ -static status_t process(private_pubkey_authenticator_t *this, message_t *message) -======= METHOD(authenticator_t, process, status_t, private_pubkey_authenticator_t *this, message_t *message) ->>>>>>> upstream/4.5.1 { public_key_t *public; auth_method_t auth_method; @@ -196,11 +176,7 @@ METHOD(authenticator_t, process, status_t, id = this->ike_sa->get_other_id(this->ike_sa); keymat = this->ike_sa->get_keymat(this->ike_sa); octets = keymat->get_auth_octets(keymat, TRUE, this->ike_sa_init, -<<<<<<< HEAD - this->nonce, id); -======= this->nonce, id, this->reserved); ->>>>>>> upstream/4.5.1 auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); enumerator = lib->credmgr->create_public_enumerator(lib->credmgr, key_type, id, auth); 
@@ -231,24 +207,8 @@ METHOD(authenticator_t, process, status_t, return status; } -<<<<<<< HEAD -/** - * Implementation of authenticator_t.process for builder - * Implementation of authenticator_t.build for verifier - */ -static status_t return_failed() -{ - return FAILED; -} - -/** - * Implementation of authenticator_t.destroy. - */ -static void destroy(private_pubkey_authenticator_t *this) -======= METHOD(authenticator_t, destroy, void, private_pubkey_authenticator_t *this) ->>>>>>> upstream/4.5.1 { free(this); } @@ -257,20 +217,6 @@ METHOD(authenticator_t, destroy, void, * Described in header. */ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, -<<<<<<< HEAD - chunk_t received_nonce, chunk_t sent_init) -{ - private_pubkey_authenticator_t *this = malloc_thing(private_pubkey_authenticator_t); - - this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))build; - this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))return_failed; - this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))return_false; - this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - - this->ike_sa = ike_sa; - this->ike_sa_init = sent_init; - this->nonce = received_nonce; -======= chunk_t received_nonce, chunk_t sent_init, char reserved[3]) { @@ -290,7 +236,6 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, .nonce = received_nonce, ); memcpy(this->reserved, reserved, sizeof(this->reserved)); ->>>>>>> upstream/4.5.1 return &this->public; } 
@@ -299,20 +244,6 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, * Described in header. */ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa, -<<<<<<< HEAD - chunk_t sent_nonce, chunk_t received_init) -{ - private_pubkey_authenticator_t *this = malloc_thing(private_pubkey_authenticator_t); - - this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))return_failed; - this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process; - this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))return_false; - this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - - this->ike_sa = ike_sa; - this->ike_sa_init = received_init; - this->nonce = sent_nonce; -======= chunk_t sent_nonce, chunk_t received_init, char reserved[3]) { @@ -332,7 +263,6 @@ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa, .nonce = sent_nonce, ); memcpy(this->reserved, reserved, sizeof(this->reserved)); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/sa/authenticators/pubkey_authenticator.h b/src/libcharon/sa/authenticators/pubkey_authenticator.h index 9e2606b95..4c3937ecc 100644 --- a/src/libcharon/sa/authenticators/pubkey_authenticator.h +++ b/src/libcharon/sa/authenticators/pubkey_authenticator.h 
@@ -43,19 +43,12 @@ struct pubkey_authenticator_t { * @param ike_sa associated ike_sa * @param received_nonce nonce received in IKE_SA_INIT * @param sent_init sent IKE_SA_INIT message data -<<<<<<< HEAD - * @return public key authenticator - */ -pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, - chunk_t received_nonce, chunk_t sent_init); -======= * @param reserved reserved bytes of ID payload * @return public key authenticator */ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_init, char reserved[3]); ->>>>>>> upstream/4.5.1 /** * Create an authenticator to verify public key signatures. @@ -63,18 +56,11 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, * @param ike_sa associated ike_sa * @param sent_nonce nonce sent in IKE_SA_INIT * @param received_init received IKE_SA_INIT message data -<<<<<<< HEAD - * @return public key authenticator - */ -pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa, - chunk_t sent_nonce, chunk_t received_init); -======= * @param reserved reserved bytes of ID payload * @return public key authenticator */ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa, chunk_t sent_nonce, chunk_t received_init, char reserved[3]); ->>>>>>> upstream/4.5.1 #endif /** PUBKEY_AUTHENTICATOR_H_ @}*/ diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index a29e692fd..dc42ba787 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c 
@@ -559,21 +559,15 @@ METHOD(child_sa_t, alloc_cpi, u_int16_t, METHOD(child_sa_t, install, status_t, private_child_sa_t *this, chunk_t encr, chunk_t integ, u_int32_t spi, -<<<<<<< HEAD - u_int16_t cpi, bool inbound, linked_list_t *my_ts, -======= u_int16_t cpi, bool inbound, bool tfcv3, linked_list_t *my_ts, ->>>>>>> upstream/4.5.1 linked_list_t *other_ts) { u_int16_t enc_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED, size; + u_int16_t esn = NO_EXT_SEQ_NUMBERS; traffic_selector_t *src_ts = NULL, *dst_ts = NULL; time_t now; lifetime_cfg_t *lifetime; -<<<<<<< HEAD -======= u_int32_t tfc = 0; ->>>>>>> upstream/4.5.1 host_t *src, *dst; status_t status; bool update = FALSE; @@ -598,14 +592,11 @@ METHOD(child_sa_t, install, status_t, dst = this->other_addr; this->other_spi = spi; this->other_cpi = cpi; -<<<<<<< HEAD -======= if (tfcv3) { tfc = this->config->get_tfc(this->config); } ->>>>>>> upstream/4.5.1 } DBG2(DBG_CHD, "adding %s %N SA", inbound ? "inbound" : "outbound", @@ -618,6 +609,8 @@ METHOD(child_sa_t, install, status_t, &enc_alg, &size); this->proposal->get_algorithm(this->proposal, INTEGRITY_ALGORITHM, &int_alg, &size); + this->proposal->get_algorithm(this->proposal, EXTENDED_SEQUENCE_NUMBERS, + &esn, NULL); lifetime = this->config->get_lifetime(this->config); @@ -636,11 +629,7 @@ METHOD(child_sa_t, install, status_t, lifetime->time.rekey = 0; } -<<<<<<< HEAD - if (this->mode == MODE_BEET) -======= if (this->mode == MODE_BEET || this->mode == MODE_TRANSPORT) ->>>>>>> upstream/4.5.1 { /* BEET requires the bound address from the traffic selectors. * TODO: We add just the first traffic selector for now, as the 
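Review bot: The comment under the widened condition `if (this->mode == MODE_BEET || this->mode == MODE_TRANSPORT)` in the last hunk still reads "BEET requires the bound address from the traffic selectors", so it no longer says why transport mode takes this branch. Please reword it to cover both modes, for example `/* BEET and transport mode pass the bound address from the traffic selectors.`, and keep the existing TODO about only the first selector being used, since that limitation now applies to transport mode as well. install() continues past the end of this hunk.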
@@ -659,13 +648,9 @@ METHOD(child_sa_t, install, status_t, status = hydra->kernel_interface->add_sa(hydra->kernel_interface, src, dst, spi, proto_ike2ip(this->protocol), this->reqid, -<<<<<<< HEAD - inbound ? this->mark_in : this->mark_out, -======= inbound ? this->mark_in : this->mark_out, tfc, ->>>>>>> upstream/4.5.1 lifetime, enc_alg, encr, int_alg, integ, this->mode, - this->ipcomp, cpi, this->encap, update, src_ts, dst_ts); + this->ipcomp, cpi, this->encap, esn, update, src_ts, dst_ts); free(lifetime); diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h index 513807b34..f17ef01ac 100644 --- a/src/libcharon/sa/child_sa.h +++ b/src/libcharon/sa/child_sa.h @@ -313,20 +313,13 @@ struct child_sa_t { * @param spi SPI to use, allocated for inbound * @param cpi CPI to use, allocated for outbound * @param inbound TRUE to install an inbound SA, FALSE for outbound -<<<<<<< HEAD -======= * @param tfcv3 TRUE if peer supports ESPv3 TFC ->>>>>>> upstream/4.5.1 * @param my_ts negotiated local traffic selector list * @param other_ts negotiated remote traffic selector list * @return SUCCESS or FAILED */ status_t (*install)(child_sa_t *this, chunk_t encr, chunk_t integ, -<<<<<<< HEAD - u_int32_t spi, u_int16_t cpi, bool inbound, -======= u_int32_t spi, u_int16_t cpi, bool inbound, bool tfcv3, ->>>>>>> upstream/4.5.1 linked_list_t *my_ts, linked_list_t *other_ts); /** * Install the policies using some traffic selectors. diff --git a/src/libcharon/sa/connect_manager.c b/src/libcharon/sa/connect_manager.c index f481f2059..972cc98ad 100644 --- a/src/libcharon/sa/connect_manager.c +++ b/src/libcharon/sa/connect_manager.c 
@@ -1194,14 +1194,10 @@ static job_requeue_t initiate_mediated(initiate_data_t *data) DBG1(DBG_IKE, "establishing mediated connection failed"); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); } -<<<<<<< HEAD - charon->ike_sa_manager->checkin(charon->ike_sa_manager, sa); -======= else { charon->ike_sa_manager->checkin(charon->ike_sa_manager, sa); } ->>>>>>> upstream/4.5.1 } iterator->destroy(iterator); } diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 58d24b48c..2fc186fe8 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -50,10 +50,7 @@ #include <processing/jobs/send_dpd_job.h> #include <processing/jobs/send_keepalive_job.h> #include <processing/jobs/rekey_ike_sa_job.h> -<<<<<<< HEAD -======= #include <encoding/payloads/unknown_payload.h> ->>>>>>> upstream/4.5.1 #ifdef ME #include <sa/tasks/ike_me.h> @@ -563,16 +560,6 @@ METHOD(ike_sa_t, send_dpd, status_t, time_t diff, delay; delay = this->peer_cfg->get_dpd(this->peer_cfg); -<<<<<<< HEAD - - if (delay == 0) - { - /* DPD disabled */ - return SUCCESS; - } - -======= ->>>>>>> upstream/4.5.1 if (this->task_manager->busy(this->task_manager)) { /* an exchange is in the air, no need to start a DPD check */ @@ -585,11 +572,7 @@ METHOD(ike_sa_t, send_dpd, status_t, last_in = get_use_time(this, TRUE); now = time_monotonic(NULL); diff = now - last_in; -<<<<<<< HEAD - if (diff >= delay) -======= if (!delay || diff >= delay) ->>>>>>> upstream/4.5.1 { /* to long ago, initiate dead peer detection */ task_t *task; @@ -615,16 +598,11 @@ METHOD(ike_sa_t, send_dpd, status_t, } } /* recheck in "interval" seconds */ -<<<<<<< HEAD - job = (job_t*)send_dpd_job_create(this->ike_sa_id); - lib->scheduler->schedule_job(lib->scheduler, job, delay - diff); -======= if (delay) { job = (job_t*)send_dpd_job_create(this->ike_sa_id); lib->scheduler->schedule_job(lib->scheduler, job, delay - diff); } ->>>>>>> upstream/4.5.1 return SUCCESS; } 
@@ -699,14 +677,10 @@ METHOD(ike_sa_t, set_state, void, } /* start DPD checks */ -<<<<<<< HEAD - send_dpd(this); -======= if (this->peer_cfg->get_dpd(this->peer_cfg)) { send_dpd(this); } ->>>>>>> upstream/4.5.1 } break; } @@ -851,11 +825,7 @@ METHOD(ike_sa_t, float_ports, void, } METHOD(ike_sa_t, update_hosts, void, -<<<<<<< HEAD - private_ike_sa_t *this, host_t *me, host_t *other) -======= private_ike_sa_t *this, host_t *me, host_t *other, bool force) ->>>>>>> upstream/4.5.1 { bool update = FALSE; @@ -888,11 +858,7 @@ METHOD(ike_sa_t, update_hosts, void, if (!other->equals(other, this->other_host)) { /* update others adress if we are NOT NATed */ -<<<<<<< HEAD - if (!has_condition(this, COND_NAT_HERE)) -======= if (force || !has_condition(this, COND_NAT_HERE)) ->>>>>>> upstream/4.5.1 { set_other_host(this, other->clone(other)); update = TRUE; @@ -925,10 +891,6 @@ METHOD(ike_sa_t, update_hosts, void, METHOD(ike_sa_t, generate_message, status_t, private_ike_sa_t *this, message_t *message, packet_t **packet) { -<<<<<<< HEAD - this->stats[STAT_OUTBOUND] = time_monotonic(NULL); - message->set_ike_sa_id(message, this->ike_sa_id); -======= if (message->is_encoded(message)) { /* already done */ *packet = message->get_packet(message); @@ -937,7 +899,6 @@ METHOD(ike_sa_t, generate_message, status_t, this->stats[STAT_OUTBOUND] = time_monotonic(NULL); message->set_ike_sa_id(message, this->ike_sa_id); charon->bus->message(charon->bus, message, FALSE); ->>>>>>> upstream/4.5.1 return message->generate(message, this->keymat->get_aead(this->keymat, FALSE), packet); } @@ -946,11 +907,7 @@ METHOD(ike_sa_t, generate_message, status_t, * send a notify back to the sender */ static void send_notify_response(private_ike_sa_t *this, message_t *request, -<<<<<<< HEAD - notify_type_t type) -======= notify_type_t type, chunk_t data) ->>>>>>> upstream/4.5.1 { message_t *response; packet_t *packet; 
@@ -959,11 +916,7 @@ static void send_notify_response(private_ike_sa_t *this, message_t *request, response->set_exchange_type(response, request->get_exchange_type(request)); response->set_request(response, FALSE); response->set_message_id(response, request->get_message_id(request)); -<<<<<<< HEAD - response->add_notify(response, FALSE, type, chunk_empty); -======= response->add_notify(response, FALSE, type, data); ->>>>>>> upstream/4.5.1 if (this->my_host->is_anyaddr(this->my_host)) { this->my_host->destroy(this->my_host); @@ -1228,10 +1181,7 @@ METHOD(ike_sa_t, process_message, status_t, { status_t status; bool is_request; -<<<<<<< HEAD -======= u_int8_t type = 0; ->>>>>>> upstream/4.5.1 if (this->state == IKE_PASSIVE) { /* do not handle messages in passive state */ @@ -1242,11 +1192,6 @@ METHOD(ike_sa_t, process_message, status_t, status = message->parse_body(message, this->keymat->get_aead(this->keymat, TRUE)); -<<<<<<< HEAD - if (status != SUCCESS) - { - -======= if (status == SUCCESS) { /* check for unsupported critical payloads */ enumerator_t *enumerator; @@ -1270,7 +1215,6 @@ METHOD(ike_sa_t, process_message, status_t, } if (status != SUCCESS) { ->>>>>>> upstream/4.5.1 if (is_request) { switch (status) 
@@ -1279,40 +1223,28 @@ METHOD(ike_sa_t, process_message, status_t, DBG1(DBG_IKE, "critical unknown payloads found"); if (is_request) { -<<<<<<< HEAD - send_notify_response(this, message, UNSUPPORTED_CRITICAL_PAYLOAD); -======= send_notify_response(this, message, UNSUPPORTED_CRITICAL_PAYLOAD, chunk_from_thing(type)); this->task_manager->incr_mid(this->task_manager, FALSE); ->>>>>>> upstream/4.5.1 } break; case PARSE_ERROR: DBG1(DBG_IKE, "message parsing failed"); if (is_request) { -<<<<<<< HEAD - send_notify_response(this, message, INVALID_SYNTAX); -======= send_notify_response(this, message, INVALID_SYNTAX, chunk_empty); this->task_manager->incr_mid(this->task_manager, FALSE); ->>>>>>> upstream/4.5.1 } break; case VERIFY_ERROR: DBG1(DBG_IKE, "message verification failed"); if (is_request) { -<<<<<<< HEAD - send_notify_response(this, message, INVALID_SYNTAX); -======= send_notify_response(this, message, INVALID_SYNTAX, chunk_empty); this->task_manager->incr_mid(this->task_manager, FALSE); ->>>>>>> upstream/4.5.1 } break; case FAILED: @@ -1321,13 +1253,6 @@ METHOD(ike_sa_t, process_message, status_t, break; case INVALID_STATE: DBG1(DBG_IKE, "found encrypted message, but no keys available"); -<<<<<<< HEAD - if (is_request) - { - send_notify_response(this, message, INVALID_SYNTAX); - } -======= ->>>>>>> upstream/4.5.1 default: break; } @@ -1357,12 +1282,8 @@ METHOD(ike_sa_t, process_message, status_t, /* no config found for these hosts, destroy */ DBG1(DBG_IKE, "no IKE config found for %H...%H, sending %N", me, other, notify_type_names, NO_PROPOSAL_CHOSEN); -<<<<<<< HEAD - send_notify_response(this, message, NO_PROPOSAL_CHOSEN); -======= send_notify_response(this, message, NO_PROPOSAL_CHOSEN, chunk_empty); ->>>>>>> upstream/4.5.1 return DESTROY_ME; } /* add a timeout if peer does not establish it completely */ 
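Review bot: After the notify was dropped in the `@@ -1321` hunk, `case INVALID_STATE:` consists of a single `DBG1` and then runs straight into `default: break;` with neither a `break` nor a fall-through marker, which reads like an accident and will trip `-Wimplicit-fallthrough`. The silence itself looks deliberate (presumably because a message that could not be decrypted is unauthenticated and should not trigger a reply), but nothing in the code says so. I would make it explicit: `/* no keys yet, message is unauthenticated: drop without a notify */` followed by `break;`. The enclosing switch starts in the previous hunk.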
@@ -1652,7 +1573,7 @@ METHOD(ike_sa_t, reestablish, status_t, #endif /* ME */ )) { - DBG1(DBG_IKE, "unable to reestablish IKE_SA due asymetric setup"); + DBG1(DBG_IKE, "unable to reestablish IKE_SA due to asymmetric setup"); return FAILED; } @@ -1975,7 +1896,7 @@ METHOD(ike_sa_t, create_task_enumerator, enumerator_t*, return this->task_manager->create_task_enumerator(this->task_manager, queue); } -METHOD(ike_sa_t, inherit, status_t, +METHOD(ike_sa_t, inherit, void, private_ike_sa_t *this, ike_sa_t *other_public) { private_ike_sa_t *other = (private_ike_sa_t*)other_public; @@ -2056,8 +1977,6 @@ METHOD(ike_sa_t, inherit, status_t, lib->scheduler->schedule_job(lib->scheduler, (job_t*)delete_ike_sa_job_create(this->ike_sa_id, TRUE), delete); } - /* we have to initate here, there may be new tasks to handle */ - return this->task_manager->initiate(this->task_manager); } METHOD(ike_sa_t, destroy, void, @@ -2068,6 +1987,7 @@ METHOD(ike_sa_t, destroy, void, charon->bus->set_sa(charon->bus, &this->public); set_state(this, IKE_DESTROYING); + this->task_manager->destroy(this->task_manager); /* remove attributes first, as we pass the IKE_SA to the handler */ while (this->attributes->remove_last(this->attributes, @@ -2085,7 +2005,6 @@ METHOD(ike_sa_t, destroy, void, /* unset SA after here to avoid usage by the listeners */ charon->bus->set_sa(charon->bus, NULL); - this->task_manager->destroy(this->task_manager); this->keymat->destroy(this->keymat); if (this->my_virtual_ip) diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h index 1f96f9abd..69a74d8b7 100644 --- a/src/libcharon/sa/ike_sa.h +++ b/src/libcharon/sa/ike_sa.h 
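Review bot: In the `@@ -2068` hunk `this->task_manager->destroy(this->task_manager);` now runs right after `set_state(this, IKE_DESTROYING)`, but the pointer stays set while the rest of destroy() still executes with the SA registered on the bus (`charon->bus->set_sa(charon->bus, NULL)` only comes later). If an attribute handler or bus listener called in that window reaches an ike_sa_t method that uses the task manager, that is a use-after-free; whether one does cannot be seen from these hunks. Please document the ordering constraint above the new line, e.g. `/* tasks are destroyed first; nothing below may use this->task_manager */`, so later edits to destroy() do not reintroduce such a call. destroy() starts and ends outside the hunks shown.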
@@ -343,14 +343,9 @@ struct ike_sa_t { * * @param me new local host address, or NULL * @param other new remote host address, or NULL -<<<<<<< HEAD - */ - void (*update_hosts)(ike_sa_t *this, host_t *me, host_t *other); -======= * @param force force update */ void (*update_hosts)(ike_sa_t *this, host_t *me, host_t *other, bool force); ->>>>>>> upstream/4.5.1 /** * Get the own identification. @@ -917,9 +912,8 @@ struct ike_sa_t { * As this call may initiate inherited tasks, a status is returned. * * @param other other task to inherit from - * @return DESTROY_ME if initiation of inherited task failed */ - status_t (*inherit) (ike_sa_t *this, ike_sa_t *other); + void (*inherit) (ike_sa_t *this, ike_sa_t *other); /** * Reset the IKE_SA, useable when initiating fails diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index ea31f5359..d695c7f7c 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -1,12 +1,7 @@ /* -<<<<<<< HEAD - * Copyright (C) 2008 Tobias Brunner - * Copyright (C) 2005-2008 Martin Willi -======= * Copyright (C) 2005-2011 Martin Willi * Copyright (C) 2011 revosec AG * Copyright (C) 2008 Tobias Brunner ->>>>>>> upstream/4.5.1 * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -91,13 +86,9 @@ struct entry_t { chunk_t init_hash; /** -<<<<<<< HEAD - * remote host address, required for DoS detection -======= * remote host address, required for DoS detection and duplicate * checking (host with same my_id and other_id is *not* considered * a duplicate if the address family differs) ->>>>>>> upstream/4.5.1 */ host_t *other; @@ -253,12 +244,9 @@ struct connected_peers_t { /** remote identity */ identification_t *other_id; -<<<<<<< HEAD -======= /** ip address family of peer */ int family; ->>>>>>> upstream/4.5.1 /** list of ike_sa_id_t objects of IKE_SAs between the two identities */ linked_list_t *sas; }; 
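Review bot: The new `@param force force update` in the update_hosts doc block only restates the parameter name. In ike_sa.c the flag bypasses the `COND_NAT_HERE` check (`if (force || !has_condition(this, COND_NAT_HERE))`), i.e. it allows the peer address to be replaced even when we are behind a NAT. Since this redirects where the SA sends traffic, the header should say so and state the expected precondition, e.g. `@param force update the remote address even if we are behind a NAT; pass TRUE only for an authenticated message`. The second half is my reading of the intent and should be confirmed against the callers. The implementation comment "update others adress if we are NOT NATed" needs the same update.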
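Review bot: The `@@ -917` hunk changes `inherit` to return `void` and removes the `@return` line, but the sentence "As this call may initiate inherited tasks, a status is returned." is left in the doc block as context and is now wrong. The ike_sa.c side also drops `return this->task_manager->initiate(this->task_manager);`, so inherited tasks are apparently no longer started here. Replace the sentence with something like `Inherited tasks are not initiated by this call.` and, if callers are now expected to initiate them, say that explicitly.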
@@ -275,19 +263,12 @@ static void connected_peers_destroy(connected_peers_t *this) * Function that matches connected_peers_t objects by the given ids. */ static bool connected_peers_match(connected_peers_t *connected_peers, -<<<<<<< HEAD - identification_t *my_id, identification_t *other_id) -{ - return my_id->equals(my_id, connected_peers->my_id) && - other_id->equals(other_id, connected_peers->other_id); -======= identification_t *my_id, identification_t *other_id, uintptr_t family) { return my_id->equals(my_id, connected_peers->my_id) && other_id->equals(other_id, connected_peers->other_id) && family == connected_peers->family; ->>>>>>> upstream/4.5.1 } typedef struct segment_t segment_t; @@ -423,11 +404,7 @@ static void lock_all_segments(private_ike_sa_manager_t *this) { u_int i; -<<<<<<< HEAD - for (i = 0; i < this->segment_count; ++i) -======= for (i = 0; i < this->segment_count; i++) ->>>>>>> upstream/4.5.1 { this->segments[i].mutex->lock(this->segments[i].mutex); } @@ -440,11 +417,7 @@ static void unlock_all_segments(private_ike_sa_manager_t *this) { u_int i; -<<<<<<< HEAD - for (i = 0; i < this->segment_count; ++i) -======= for (i = 0; i < this->segment_count; i++) ->>>>>>> upstream/4.5.1 { this->segments[i].mutex->unlock(this->segments[i].mutex); } @@ -488,15 +461,8 @@ struct private_enumerator_t { enumerator_t *current; }; -<<<<<<< HEAD -/** - * Implementation of private_enumerator_t.enumerator.enumerate. - */ -static bool enumerate(private_enumerator_t *this, entry_t **entry, u_int *segment) -======= METHOD(enumerator_t, enumerate, bool, private_enumerator_t *this, entry_t **entry, u_int *segment) ->>>>>>> upstream/4.5.1 { if (this->entry) { 
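Review bot: connected_peers_match now takes `uintptr_t family` and compares it with the `int family` field of connected_peers_t, which is a mixed signed/unsigned comparison with no explanation. The type appears to be chosen because the value is passed through the pointer-sized arguments of `list->find_first(...)` (the caller casts with `(uintptr_t)entry->other->get_family(entry->other)`). A one-line comment on the parameter would keep someone from "fixing" it to `int`, e.g. `/* family arrives through find_first()'s pointer-sized arguments, hence uintptr_t */`, and an explicit `(int)family == connected_peers->family` would silence `-Wsign-compare`.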
@@ -542,15 +508,8 @@ METHOD(enumerator_t, enumerate, bool, return FALSE; } -<<<<<<< HEAD -/** - * Implementation of private_enumerator_t.enumerator.destroy. - */ -static void enumerator_destroy(private_enumerator_t *this) -======= METHOD(enumerator_t, enumerator_destroy, void, private_enumerator_t *this) ->>>>>>> upstream/4.5.1 { if (this->entry) { @@ -569,18 +528,6 @@ METHOD(enumerator_t, enumerator_destroy, void, */ static enumerator_t* create_table_enumerator(private_ike_sa_manager_t *this) { -<<<<<<< HEAD - private_enumerator_t *enumerator = malloc_thing(private_enumerator_t); - - enumerator->enumerator.enumerate = (void*)enumerate; - enumerator->enumerator.destroy = (void*)enumerator_destroy; - enumerator->manager = this; - enumerator->segment = 0; - enumerator->entry = NULL; - enumerator->row = 0; - enumerator->current = NULL; - -======= private_enumerator_t *enumerator; INIT(enumerator, @@ -590,7 +537,6 @@ static enumerator_t* create_table_enumerator(private_ike_sa_manager_t *this) }, .manager = this, ); ->>>>>>> upstream/4.5.1 return &enumerator->enumerator; } @@ -601,13 +547,6 @@ static enumerator_t* create_table_enumerator(private_ike_sa_manager_t *this) static u_int put_entry(private_ike_sa_manager_t *this, entry_t *entry) { linked_list_t *list; -<<<<<<< HEAD - u_int row = ike_sa_id_hash(entry->ike_sa_id) & this->table_mask; - u_int segment = row & this->segment_mask; - - lock_single_segment(this, segment); - if ((list = this->ike_sa_table[row]) == NULL) -======= u_int row, segment; row = ike_sa_id_hash(entry->ike_sa_id) & this->table_mask; @@ -616,7 +555,6 @@ static u_int put_entry(private_ike_sa_manager_t *this, entry_t *entry) lock_single_segment(this, segment); list = this->ike_sa_table[row]; if (!list) ->>>>>>> upstream/4.5.1 { list = this->ike_sa_table[row] = linked_list_create(); } 
@@ -632,16 +570,6 @@ static u_int put_entry(private_ike_sa_manager_t *this, entry_t *entry) static void remove_entry(private_ike_sa_manager_t *this, entry_t *entry) { linked_list_t *list; -<<<<<<< HEAD - u_int row = ike_sa_id_hash(entry->ike_sa_id) & this->table_mask; - u_int segment = row & this->segment_mask; - - if ((list = this->ike_sa_table[row]) != NULL) - { - entry_t *current; - - enumerator_t *enumerator = list->create_enumerator(list); -======= u_int row, segment; row = ike_sa_id_hash(entry->ike_sa_id) & this->table_mask; @@ -653,7 +581,6 @@ static void remove_entry(private_ike_sa_manager_t *this, entry_t *entry) enumerator_t *enumerator; enumerator = list->create_enumerator(list); ->>>>>>> upstream/4.5.1 while (enumerator->enumerate(enumerator, ¤t)) { if (current == entry) @@ -691,13 +618,6 @@ static status_t get_entry_by_match_function(private_ike_sa_manager_t *this, { entry_t *current; linked_list_t *list; -<<<<<<< HEAD - u_int row = ike_sa_id_hash(ike_sa_id) & this->table_mask; - u_int seg = row & this->segment_mask; - - lock_single_segment(this, seg); - if ((list = this->ike_sa_table[row]) != NULL) -======= u_int row, seg; row = ike_sa_id_hash(ike_sa_id) & this->table_mask; @@ -706,7 +626,6 @@ static status_t get_entry_by_match_function(private_ike_sa_manager_t *this, lock_single_segment(this, seg); list = this->ike_sa_table[row]; if (list) ->>>>>>> upstream/4.5.1 { if (list->find_first(list, match, (void**)¤t, p1, p2) == SUCCESS) { 
@@ -790,21 +709,6 @@ static void put_half_open(private_ike_sa_manager_t *this, entry_t *entry) { half_open_t *half_open = NULL; linked_list_t *list; -<<<<<<< HEAD - chunk_t addr = entry->other->get_address(entry->other); - u_int row = chunk_hash(addr) & this->table_mask; - u_int segment = row & this->segment_mask; - - rwlock_t *lock = this->half_open_segments[segment].lock; - lock->write_lock(lock); - if ((list = this->half_open_table[row]) == NULL) - { - list = this->half_open_table[row] = linked_list_create(); - } - else - { - half_open_t *current; -======= chunk_t addr; u_int row, segment; rwlock_t *lock; @@ -819,7 +723,6 @@ static void put_half_open(private_ike_sa_manager_t *this, entry_t *entry) { half_open_t *current; ->>>>>>> upstream/4.5.1 if (list->find_first(list, (linked_list_match_t)half_open_match, (void**)¤t, &addr) == SUCCESS) { @@ -828,14 +731,6 @@ static void put_half_open(private_ike_sa_manager_t *this, entry_t *entry) this->half_open_segments[segment].count++; } } -<<<<<<< HEAD - - if (!half_open) - { - half_open = malloc_thing(half_open_t); - half_open->other = chunk_clone(addr); - half_open->count = 1; -======= else { list = this->half_open_table[row] = linked_list_create(); @@ -847,7 +742,6 @@ static void put_half_open(private_ike_sa_manager_t *this, entry_t *entry) .other = chunk_clone(addr), .count = 1, ); ->>>>>>> upstream/4.5.1 list->insert_last(list, half_open); this->half_open_segments[segment].count++; } 
@@ -860,18 +754,6 @@ static void put_half_open(private_ike_sa_manager_t *this, entry_t *entry) static void remove_half_open(private_ike_sa_manager_t *this, entry_t *entry) { linked_list_t *list; -<<<<<<< HEAD - chunk_t addr = entry->other->get_address(entry->other); - u_int row = chunk_hash(addr) & this->table_mask; - u_int segment = row & this->segment_mask; - - rwlock_t *lock = this->half_open_segments[segment].lock; - lock->write_lock(lock); - if ((list = this->half_open_table[row]) != NULL) - { - half_open_t *current; - enumerator_t *enumerator = list->create_enumerator(list); -======= chunk_t addr; u_int row, segment; rwlock_t *lock; @@ -888,7 +770,6 @@ static void remove_half_open(private_ike_sa_manager_t *this, entry_t *entry) enumerator_t *enumerator; enumerator = list->create_enumerator(list); ->>>>>>> upstream/4.5.1 while (enumerator->enumerate(enumerator, ¤t)) { if (half_open_match(current, &addr)) @@ -912,26 +793,6 @@ static void remove_half_open(private_ike_sa_manager_t *this, entry_t *entry) */ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) { -<<<<<<< HEAD - linked_list_t *list; - connected_peers_t *connected_peers = NULL; - chunk_t my_id = entry->my_id->get_encoding(entry->my_id), - other_id = entry->other_id->get_encoding(entry->other_id); - u_int row = chunk_hash_inc(other_id, chunk_hash(my_id)) & this->table_mask; - u_int segment = row & this->segment_mask; - - rwlock_t *lock = this->connected_peers_segments[segment].lock; - lock->write_lock(lock); - if ((list = this->connected_peers_table[row]) == NULL) - { - list = this->connected_peers_table[row] = linked_list_create(); - } - else - { - connected_peers_t *current; - if (list->find_first(list, (linked_list_match_t)connected_peers_match, - (void**)¤t, entry->my_id, entry->other_id) == SUCCESS) -======= connected_peers_t *connected_peers = NULL; chunk_t my_id, other_id; linked_list_t *list; 
@@ -952,7 +813,6 @@ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) if (list->find_first(list, (linked_list_match_t)connected_peers_match, (void**)¤t, entry->my_id, entry->other_id, (uintptr_t)entry->other->get_family(entry->other)) == SUCCESS) ->>>>>>> upstream/4.5.1 { connected_peers = current; if (connected_peers->sas->find_first(connected_peers->sas, @@ -964,15 +824,6 @@ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) } } } -<<<<<<< HEAD - - if (!connected_peers) - { - connected_peers = malloc_thing(connected_peers_t); - connected_peers->my_id = entry->my_id->clone(entry->my_id); - connected_peers->other_id = entry->other_id->clone(entry->other_id); - connected_peers->sas = linked_list_create(); -======= else { list = this->connected_peers_table[row] = linked_list_create(); @@ -986,7 +837,6 @@ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) .family = entry->other->get_family(entry->other), .sas = linked_list_create(), ); ->>>>>>> upstream/4.5.1 list->insert_last(list, connected_peers); } connected_peers->sas->insert_last(connected_peers->sas, 
@@ -1000,26 +850,6 @@ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) */ static void remove_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) { -<<<<<<< HEAD - linked_list_t *list; - chunk_t my_id = entry->my_id->get_encoding(entry->my_id), - other_id = entry->other_id->get_encoding(entry->other_id); - u_int row = chunk_hash_inc(other_id, chunk_hash(my_id)) & this->table_mask; - u_int segment = row & this->segment_mask; - - rwlock_t *lock = this->connected_peers_segments[segment].lock; - lock->write_lock(lock); - if ((list = this->connected_peers_table[row]) != NULL) - { - connected_peers_t *current; - enumerator_t *enumerator = list->create_enumerator(list); - while (enumerator->enumerate(enumerator, ¤t)) - { - if (connected_peers_match(current, entry->my_id, entry->other_id)) - { - ike_sa_id_t *ike_sa_id; - enumerator_t *inner = current->sas->create_enumerator(current->sas); -======= chunk_t my_id, other_id; linked_list_t *list; u_int row, segment; @@ -1048,7 +878,6 @@ static void remove_connected_peers(private_ike_sa_manager_t *this, entry_t *entr enumerator_t *inner; inner = current->sas->create_enumerator(current->sas); ->>>>>>> upstream/4.5.1 while (inner->enumerate(inner, &ike_sa_id)) { if (ike_sa_id->equals(ike_sa_id, entry->ike_sa_id)) @@ -1074,22 +903,6 @@ static void remove_connected_peers(private_ike_sa_manager_t *this, entry_t *entr } /** -<<<<<<< HEAD - * Implementation of private_ike_sa_manager_t.get_next_spi. - */ -static u_int64_t get_next_spi(private_ike_sa_manager_t *this) -{ - u_int64_t spi; - - this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi); - return spi; -} - -/** - * Implementation of of ike_sa_manager.checkout. - */ -static ike_sa_t* checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id) -======= * Get a random SPI for new IKE_SAs */ static u_int64_t get_spi(private_ike_sa_manager_t *this) 
@@ -1105,7 +918,6 @@ static u_int64_t get_spi(private_ike_sa_manager_t *this) METHOD(ike_sa_manager_t, checkout, ike_sa_t*, private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id) ->>>>>>> upstream/4.5.1 { ike_sa_t *ike_sa = NULL; entry_t *entry; @@ -1128,27 +940,6 @@ METHOD(ike_sa_manager_t, checkout, ike_sa_t*, return ike_sa; } -<<<<<<< HEAD -/** - * Implementation of of ike_sa_manager.checkout_new. - */ -static ike_sa_t *checkout_new(private_ike_sa_manager_t* this, bool initiator) -{ - ike_sa_id_t *ike_sa_id; - ike_sa_t *ike_sa; - entry_t *entry; - u_int segment; - - if (initiator) - { - ike_sa_id = ike_sa_id_create(get_next_spi(this), 0, TRUE); - } - else - { - ike_sa_id = ike_sa_id_create(0, get_next_spi(this), FALSE); - } - ike_sa = ike_sa_create(ike_sa_id); -======= METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*, private_ike_sa_manager_t* this, bool initiator) { 
@@ -1165,63 +956,30 @@ METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*, } ike_sa = ike_sa_create(ike_sa_id); ike_sa_id->destroy(ike_sa_id); ->>>>>>> upstream/4.5.1 DBG2(DBG_MGR, "created IKE_SA %s[%u]", ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa)); -<<<<<<< HEAD - if (!initiator) - { - ike_sa_id->destroy(ike_sa_id); - return ike_sa; - } - - entry = entry_create(); - entry->ike_sa_id = ike_sa_id; - entry->ike_sa = ike_sa; - segment = put_entry(this, entry); - entry->checked_out = TRUE; - unlock_single_segment(this, segment); - return entry->ike_sa; -} - -/** - * Implementation of of ike_sa_manager.checkout_by_message. - */ -static ike_sa_t* checkout_by_message(private_ike_sa_manager_t* this, - message_t *message) -======= return ike_sa; } METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, private_ike_sa_manager_t* this, message_t *message) ->>>>>>> upstream/4.5.1 { u_int segment; entry_t *entry; ike_sa_t *ike_sa = NULL; -<<<<<<< HEAD - ike_sa_id_t *id = message->get_ike_sa_id(message); - -======= ike_sa_id_t *id; id = message->get_ike_sa_id(message); ->>>>>>> upstream/4.5.1 id = id->clone(id); id->switch_initiator(id); DBG2(DBG_MGR, "checkout IKE_SA by message"); if (message->get_request(message) && -<<<<<<< HEAD - message->get_exchange_type(message) == IKE_SA_INIT) -======= message->get_exchange_type(message) == IKE_SA_INIT && this->hasher) ->>>>>>> upstream/4.5.1 { /* IKE_SA_INIT request. Check for an IKE_SA with such a message hash. */ chunk_t data, hash; @@ -1257,11 +1015,7 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, message->get_exchange_type(message) == IKE_SA_INIT) { /* no IKE_SA found, create a new one */ -<<<<<<< HEAD - id->set_responder_spi(id, get_next_spi(this)); -======= id->set_responder_spi(id, get_spi(this)); ->>>>>>> upstream/4.5.1 entry = entry_create(); entry->ike_sa = ike_sa_create(id); entry->ike_sa_id = id->clone(id); 
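Review bot: The `&& this->hasher` test in checkout_by_message()'s IKE_SA_INIT condition needs a comment, because ike_sa_manager_create() returns NULL when no hasher can be created and the test otherwise reads as dead code. The later flush() hunk sets `this->hasher = NULL` after destroying it, so the test appears to cover messages handled after flush(); a line such as `/* hasher is NULL after flush(), skip the retransmit lookup */` above the condition would say so. The next hunk on this line switches to `get_spi(this)`, whose body is outside the visible hunks; it should be confirmed that it tolerates the `this->rng = NULL` that flush() now also sets. checkout_by_message() continues past the end of these hunks.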
@@ -1321,16 +1075,8 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, return ike_sa; } -<<<<<<< HEAD -/** - * Implementation of of ike_sa_manager.checkout_by_config. - */ -static ike_sa_t* checkout_by_config(private_ike_sa_manager_t *this, - peer_cfg_t *peer_cfg) -======= METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, private_ike_sa_manager_t *this, peer_cfg_t *peer_cfg) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; entry_t *entry; @@ -1385,16 +1131,8 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, return ike_sa; } -<<<<<<< HEAD -/** - * Implementation of of ike_sa_manager.checkout_by_id. - */ -static ike_sa_t* checkout_by_id(private_ike_sa_manager_t *this, u_int32_t id, - bool child) -======= METHOD(ike_sa_manager_t, checkout_by_id, ike_sa_t*, private_ike_sa_manager_t *this, u_int32_t id, bool child) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; iterator_t *children; @@ -1447,16 +1185,8 @@ METHOD(ike_sa_manager_t, checkout_by_id, ike_sa_t*, return ike_sa; } -<<<<<<< HEAD -/** - * Implementation of of ike_sa_manager.checkout_by_name. - */ -static ike_sa_t* checkout_by_name(private_ike_sa_manager_t *this, char *name, - bool child) -======= METHOD(ike_sa_manager_t, checkout_by_name, ike_sa_t*, private_ike_sa_manager_t *this, char *name, bool child) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; iterator_t *children; @@ -1521,22 +1251,6 @@ static bool enumerator_filter(private_ike_sa_manager_t *this, return FALSE; } -<<<<<<< HEAD -/** - * Implementation of ike_sa_manager_t.create_enumerator. - */ -static enumerator_t *create_enumerator(private_ike_sa_manager_t* this) -{ - return enumerator_create_filter( - create_table_enumerator(this), - (void*)enumerator_filter, this, NULL); -} - -/** - * Implementation of ike_sa_manager_t.checkin. - */ -static void checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) -======= METHOD(ike_sa_manager_t, create_enumerator, enumerator_t*, private_ike_sa_manager_t* this) { 
@@ -1546,7 +1260,6 @@ METHOD(ike_sa_manager_t, create_enumerator, enumerator_t*, METHOD(ike_sa_manager_t, checkin, void, private_ike_sa_manager_t *this, ike_sa_t *ike_sa) ->>>>>>> upstream/4.5.1 { /* to check the SA back in, we look for the pointer of the ike_sa * in all entries. @@ -1611,25 +1324,16 @@ METHOD(ike_sa_manager_t, checkin, void, segment = put_entry(this, entry); } -<<<<<<< HEAD - /* apply identities for duplicate test (only as responder) */ - if (!entry->ike_sa_id->is_initiator(entry->ike_sa_id) && - ike_sa->get_state(ike_sa) == IKE_ESTABLISHED && -======= /* apply identities for duplicate test */ if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED && ->>>>>>> upstream/4.5.1 entry->my_id == NULL && entry->other_id == NULL) { entry->my_id = my_id->clone(my_id); entry->other_id = other_id->clone(other_id); -<<<<<<< HEAD -======= if (!entry->other) { entry->other = other->clone(other); } ->>>>>>> upstream/4.5.1 put_connected_peers(this, entry); } @@ -1638,15 +1342,8 @@ METHOD(ike_sa_manager_t, checkin, void, charon->bus->set_sa(charon->bus, NULL); } -<<<<<<< HEAD -/** - * Implementation of ike_sa_manager_t.checkin_and_destroy. - */ -static void checkin_and_destroy(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) -======= METHOD(ike_sa_manager_t, checkin_and_destroy, void, private_ike_sa_manager_t *this, ike_sa_t *ike_sa) ->>>>>>> upstream/4.5.1 { /* deletion is a bit complex, we must ensure that no thread is waiting for * this SA. @@ -1683,12 +1380,7 @@ METHOD(ike_sa_manager_t, checkin_and_destroy, void, { remove_half_open(this, entry); } -<<<<<<< HEAD - if (!entry->ike_sa_id->is_initiator(entry->ike_sa_id) && - entry->my_id && entry->other_id) -======= if (entry->my_id && entry->other_id) ->>>>>>> upstream/4.5.1 { remove_connected_peers(this, entry); } 
@@ -1705,16 +1397,8 @@ METHOD(ike_sa_manager_t, checkin_and_destroy, void, charon->bus->set_sa(charon->bus, NULL); } -<<<<<<< HEAD - -/** - * Implementation of ike_sa_manager_t.check_uniqueness. - */ -static bool check_uniqueness(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) -======= METHOD(ike_sa_manager_t, check_uniqueness, bool, private_ike_sa_manager_t *this, ike_sa_t *ike_sa, bool force_replace) ->>>>>>> upstream/4.5.1 { bool cancel = FALSE; peer_cfg_t *peer_cfg; @@ -1728,11 +1412,7 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool, peer_cfg = ike_sa->get_peer_cfg(ike_sa); policy = peer_cfg->get_unique_policy(peer_cfg); -<<<<<<< HEAD - if (policy == UNIQUE_NO) -======= if (policy == UNIQUE_NO && !force_replace) ->>>>>>> upstream/4.5.1 { return FALSE; } @@ -1746,14 +1426,6 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool, lock = this->connected_peers_segments[segment & this->segment_mask].lock; lock->read_lock(lock); -<<<<<<< HEAD - if ((list = this->connected_peers_table[row]) != NULL) - { - connected_peers_t *current; - - if (list->find_first(list, (linked_list_match_t)connected_peers_match, - (void**)¤t, me, other) == SUCCESS) -======= list = this->connected_peers_table[row]; if (list) { @@ -1764,7 +1436,6 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool, if (list->find_first(list, (linked_list_match_t)connected_peers_match, (void**)¤t, me, other, (uintptr_t)other_host->get_family(other_host)) == SUCCESS) ->>>>>>> upstream/4.5.1 { /* clone the list, so we can release the lock */ duplicate_ids = current->sas->clone_offset(current->sas, @@ -1789,8 +1460,6 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool, { continue; } -<<<<<<< HEAD -======= if (force_replace) { DBG1(DBG_IKE, "destroying duplicate IKE_SA for peer '%Y', " 
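Review bot: With `force_replace` set, check_uniqueness() skips the `policy == UNIQUE_NO` early return and calls `checkin_and_destroy(this, duplicate)` for each matching duplicate before the peer_cfg comparison runs, yet the doc comment in ike_sa_manager.h only says "replace existing SAs, regardless of unique policy". The callers are not part of these hunks, so the header should state the precondition, for example `* @param force_replace replace existing SAs regardless of unique policy; pass TRUE only once the peer of ike_sa is authenticated`. Without that, a later caller could invoke it before authentication and established SAs for the same identities would be torn down on behalf of an unverified peer. The function body spans several hunks here and on the next line.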
@@ -1798,7 +1467,6 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool, checkin_and_destroy(this, duplicate); continue; } ->>>>>>> upstream/4.5.1 peer_cfg = duplicate->get_peer_cfg(duplicate); if (peer_cfg && peer_cfg->equals(peer_cfg, ike_sa->get_peer_cfg(ike_sa))) { @@ -1843,13 +1511,6 @@ METHOD(ike_sa_manager_t, check_uniqueness, bool, return cancel; } -<<<<<<< HEAD -/** - * Implementation of ike_sa_manager_t.get_half_open_count. - */ -static int get_half_open_count(private_ike_sa_manager_t *this, host_t *ip) -{ -======= METHOD(ike_sa_manager_t, has_contact, bool, private_ike_sa_manager_t *this, identification_t *me, identification_t *other, int family) @@ -1885,24 +1546,14 @@ METHOD(ike_sa_manager_t, get_half_open_count, int, u_int segment, row; rwlock_t *lock; chunk_t addr; ->>>>>>> upstream/4.5.1 int count = 0; if (ip) { -<<<<<<< HEAD - linked_list_t *list; - chunk_t addr = ip->get_address(ip); - u_int row = chunk_hash(addr) & this->table_mask; - u_int segment = row & this->segment_mask; - - rwlock_t *lock = this->half_open_segments[segment & this->segment_mask].lock; -======= addr = ip->get_address(ip); row = chunk_hash(addr) & this->table_mask; segment = row & this->segment_mask; lock = this->half_open_segments[segment & this->segment_mask].lock; ->>>>>>> upstream/4.5.1 lock->read_lock(lock); if ((list = this->half_open_table[row]) != NULL) { 
@@ -1918,38 +1569,19 @@ METHOD(ike_sa_manager_t, get_half_open_count, int, } else { -<<<<<<< HEAD - u_int segment; - - for (segment = 0; segment < this->segment_count; ++segment) - { - rwlock_t *lock; -======= for (segment = 0; segment < this->segment_count; segment++) { ->>>>>>> upstream/4.5.1 lock = this->half_open_segments[segment & this->segment_mask].lock; lock->read_lock(lock); count += this->half_open_segments[segment].count; lock->unlock(lock); } } -<<<<<<< HEAD - - return count; -} - -/** - * Implementation of ike_sa_manager_t.flush. - */ -static void flush(private_ike_sa_manager_t *this) -======= return count; } METHOD(ike_sa_manager_t, flush, void, private_ike_sa_manager_t *this) ->>>>>>> upstream/4.5.1 { /* destroy all list entries */ enumerator_t *enumerator; @@ -2013,12 +1645,7 @@ METHOD(ike_sa_manager_t, flush, void, { remove_half_open(this, entry); } -<<<<<<< HEAD - if (!entry->ike_sa_id->is_initiator(entry->ike_sa_id) && - entry->my_id && entry->other_id) -======= if (entry->my_id && entry->other_id) ->>>>>>> upstream/4.5.1 { remove_connected_peers(this, entry); } @@ -2030,34 +1657,6 @@ METHOD(ike_sa_manager_t, flush, void, unlock_all_segments(this); this->rng->destroy(this->rng); -<<<<<<< HEAD - this->hasher->destroy(this->hasher); -} - -/** - * Implementation of ike_sa_manager_t.destroy. - */ -static void destroy(private_ike_sa_manager_t *this) -{ - u_int i; - - for (i = 0; i < this->table_size; ++i) - { - linked_list_t *list; - - if ((list = this->ike_sa_table[i]) != NULL) - { - list->destroy(list); - } - if ((list = this->half_open_table[i]) != NULL) - { - list->destroy(list); - } - if ((list = this->connected_peers_table[i]) != NULL) - { - list->destroy(list); - } -======= this->rng = NULL; this->hasher->destroy(this->hasher); this->hasher = NULL; 
@@ -2073,16 +1672,11 @@ METHOD(ike_sa_manager_t, destroy, void, DESTROY_IF(this->ike_sa_table[i]); DESTROY_IF(this->half_open_table[i]); DESTROY_IF(this->connected_peers_table[i]); ->>>>>>> upstream/4.5.1 } free(this->ike_sa_table); free(this->half_open_table); free(this->connected_peers_table); -<<<<<<< HEAD - for (i = 0; i < this->segment_count; ++i) -======= for (i = 0; i < this->segment_count; i++) ->>>>>>> upstream/4.5.1 { this->segments[i].mutex->destroy(this->segments[i].mutex); this->half_open_segments[i].lock->destroy(this->half_open_segments[i].lock); 
@@ -2118,27 +1712,6 @@ static u_int get_nearest_powerof2(u_int n) */ ike_sa_manager_t *ike_sa_manager_create() { -<<<<<<< HEAD - u_int i; - private_ike_sa_manager_t *this = malloc_thing(private_ike_sa_manager_t); - - /* assign public functions */ - this->public.flush = (void(*)(ike_sa_manager_t*))flush; - this->public.destroy = (void(*)(ike_sa_manager_t*))destroy; - this->public.checkout = (ike_sa_t*(*)(ike_sa_manager_t*, ike_sa_id_t*))checkout; - this->public.checkout_new = (ike_sa_t*(*)(ike_sa_manager_t*,bool))checkout_new; - this->public.checkout_by_message = (ike_sa_t*(*)(ike_sa_manager_t*,message_t*))checkout_by_message; - this->public.checkout_by_config = (ike_sa_t*(*)(ike_sa_manager_t*,peer_cfg_t*))checkout_by_config; - this->public.checkout_by_id = (ike_sa_t*(*)(ike_sa_manager_t*,u_int32_t,bool))checkout_by_id; - this->public.checkout_by_name = (ike_sa_t*(*)(ike_sa_manager_t*,char*,bool))checkout_by_name; - this->public.check_uniqueness = (bool(*)(ike_sa_manager_t*, ike_sa_t *ike_sa))check_uniqueness; - this->public.create_enumerator = (enumerator_t*(*)(ike_sa_manager_t*))create_enumerator; - this->public.checkin = (void(*)(ike_sa_manager_t*,ike_sa_t*))checkin; - this->public.checkin_and_destroy = (void(*)(ike_sa_manager_t*,ike_sa_t*))checkin_and_destroy; - this->public.get_half_open_count = (int(*)(ike_sa_manager_t*,host_t*))get_half_open_count; - - /* initialize private variables */ -======= private_ike_sa_manager_t *this; u_int i; @@ -2161,7 +1734,6 @@ ike_sa_manager_t *ike_sa_manager_create() }, ); ->>>>>>> upstream/4.5.1 this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_PREFERRED); if (this->hasher == NULL) { @@ -2177,10 +1749,7 @@ ike_sa_manager_t *ike_sa_manager_create() free(this); return NULL; } -<<<<<<< HEAD -======= ->>>>>>> upstream/4.5.1 this->table_size = get_nearest_powerof2(lib->settings->get_int(lib->settings, "charon.ikesa_table_size", DEFAULT_HASHTABLE_SIZE)); this->table_size = max(1, min(this->table_size, MAX_HASHTABLE_SIZE)); 
@@ -2190,18 +1759,10 @@ ike_sa_manager_t *ike_sa_manager_create() "charon.ikesa_table_segments", DEFAULT_SEGMENT_COUNT)); this->segment_count = max(1, min(this->segment_count, this->table_size)); this->segment_mask = this->segment_count - 1; -<<<<<<< HEAD - - this->ike_sa_table = calloc(this->table_size, sizeof(linked_list_t*)); - - this->segments = (segment_t*)calloc(this->segment_count, sizeof(segment_t)); - for (i = 0; i < this->segment_count; ++i) -======= this->ike_sa_table = calloc(this->table_size, sizeof(linked_list_t*)); this->segments = (segment_t*)calloc(this->segment_count, sizeof(segment_t)); for (i = 0; i < this->segment_count; i++) ->>>>>>> upstream/4.5.1 { this->segments[i].mutex = mutex_create(MUTEX_TYPE_RECURSIVE); this->segments[i].count = 0; @@ -2210,11 +1771,7 @@ ike_sa_manager_t *ike_sa_manager_create() /* we use the same table parameters for the table to track half-open SAs */ this->half_open_table = calloc(this->table_size, sizeof(linked_list_t*)); this->half_open_segments = calloc(this->segment_count, sizeof(shareable_segment_t)); -<<<<<<< HEAD - for (i = 0; i < this->segment_count; ++i) -======= for (i = 0; i < this->segment_count; i++) ->>>>>>> upstream/4.5.1 { this->half_open_segments[i].lock = rwlock_create(RWLOCK_TYPE_DEFAULT); this->half_open_segments[i].count = 0; @@ -2223,11 +1780,7 @@ ike_sa_manager_t *ike_sa_manager_create() /* also for the hash table used for duplicate tests */ this->connected_peers_table = calloc(this->table_size, sizeof(linked_list_t*)); this->connected_peers_segments = calloc(this->segment_count, sizeof(shareable_segment_t)); -<<<<<<< HEAD - for (i = 0; i < this->segment_count; ++i) -======= for (i = 0; i < this->segment_count; i++) ->>>>>>> upstream/4.5.1 { this->connected_peers_segments[i].lock = rwlock_create(RWLOCK_TYPE_DEFAULT); this->connected_peers_segments[i].count = 0; diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h index 2c81592d2..ec157ab3a 100644 
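Review bot: The `calloc()` results for `ike_sa_table` and `segments` in ike_sa_manager_create() are used without a NULL check; the loop directly after writes `this->segments[i].mutex`, and the half-open and connected-peers tables in the next two hunks follow the same pattern. The function already has a failure path (`free(this); return NULL;` after the hasher check), so an allocation failure could take the same route after releasing what was created so far. Separately, `(segment_t*)calloc(...)` carries a cast the neighbouring calls do not; `this->segments = calloc(this->segment_count, sizeof(segment_t));` matches them. The function starts and ends outside this hunk.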
--- a/src/libcharon/sa/ike_sa_manager.h +++ b/src/libcharon/sa/ike_sa_manager.h @@ -52,12 +52,6 @@ struct ike_sa_manager_t { /** * Create and check out a new IKE_SA. * -<<<<<<< HEAD - * @note If initiator equals FALSE, the returned IKE_SA is not registered - * in the manager. - * -======= ->>>>>>> upstream/4.5.1 * @param initiator TRUE for initiator, FALSE otherwise * @returns created and checked out IKE_SA */ @@ -112,12 +106,6 @@ struct ike_sa_manager_t { * deadlocks occur otherwise. * * @param ike_sa ike_sa to check -<<<<<<< HEAD - * @return TRUE, if the given IKE_SA has duplicates and - * should be deleted - */ - bool (*check_uniqueness)(ike_sa_manager_t *this, ike_sa_t *ike_sa); -======= * @param force_replace replace existing SAs, regardless of unique policy * @return TRUE, if the given IKE_SA has duplicates and * should be deleted @@ -135,7 +123,6 @@ struct ike_sa_manager_t { */ bool (*has_contact)(ike_sa_manager_t *this, identification_t *me, identification_t *other, int family); ->>>>>>> upstream/4.5.1 /** * Check out an IKE_SA a unique ID. diff --git a/src/libcharon/sa/keymat.c b/src/libcharon/sa/keymat.c index 2721fb3b9..33ece24b2 100644 --- a/src/libcharon/sa/keymat.c +++ b/src/libcharon/sa/keymat.c @@ -214,11 +214,7 @@ static bool derive_ike_traditional(private_keymat_t *this, u_int16_t enc_alg, { DBG1(DBG_IKE, "%N %N (key size %d) not supported!", transform_type_names, ENCRYPTION_ALGORITHM, -<<<<<<< HEAD - encryption_algorithm_names, enc_alg, key_size); -======= encryption_algorithm_names, enc_alg, enc_size); ->>>>>>> upstream/4.5.1 signer_i->destroy(signer_i); signer_r->destroy(signer_r); return FALSE; @@ -544,11 +540,7 @@ METHOD(keymat_t, get_aead, aead_t*, METHOD(keymat_t, get_auth_octets, chunk_t, private_keymat_t *this, bool verify, chunk_t ike_sa_init, -<<<<<<< HEAD - chunk_t nonce, identification_t *id) -======= chunk_t nonce, identification_t *id, char reserved[3]) ->>>>>>> upstream/4.5.1 { chunk_t chunk, idx, octets; chunk_t skp; 
@@ -556,13 +548,8 @@ METHOD(keymat_t, get_auth_octets, chunk_t, skp = verify ? this->skp_verify : this->skp_build; chunk = chunk_alloca(4); -<<<<<<< HEAD - memset(chunk.ptr, 0, chunk.len); - chunk.ptr[0] = id->get_type(id); -======= chunk.ptr[0] = id->get_type(id); memcpy(chunk.ptr + 1, reserved, 3); ->>>>>>> upstream/4.5.1 idx = chunk_cata("cc", chunk, id->get_encoding(id)); DBG3(DBG_IKE, "IDx' %B", &idx); @@ -583,11 +570,7 @@ METHOD(keymat_t, get_auth_octets, chunk_t, METHOD(keymat_t, get_psk_sig, chunk_t, private_keymat_t *this, bool verify, chunk_t ike_sa_init, -<<<<<<< HEAD - chunk_t nonce, chunk_t secret, identification_t *id) -======= chunk_t nonce, chunk_t secret, identification_t *id, char reserved[3]) ->>>>>>> upstream/4.5.1 { chunk_t key_pad, key, sig, octets; @@ -595,11 +578,7 @@ METHOD(keymat_t, get_psk_sig, chunk_t, { /* EAP uses SK_p if no MSK has been established */ secret = verify ? this->skp_verify : this->skp_build; } -<<<<<<< HEAD - octets = get_auth_octets(this, verify, ike_sa_init, nonce, id); -======= octets = get_auth_octets(this, verify, ike_sa_init, nonce, id, reserved); ->>>>>>> upstream/4.5.1 /* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */ key_pad = chunk_create(IKEV2_KEY_PAD, IKEV2_KEY_PAD_LENGTH); this->prf->set_key(this->prf, secret); diff --git a/src/libcharon/sa/keymat.h b/src/libcharon/sa/keymat.h index d1d0591c5..11e0fa79a 100644 --- a/src/libcharon/sa/keymat.h +++ b/src/libcharon/sa/keymat.h 
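Review bot: In get_auth_octets() the new `memcpy(chunk.ptr + 1, reserved, 3);` reads three bytes through `reserved` with no NULL check, and a parameter declared `char reserved[3]` is an ordinary `char *` to the compiler, so neither the length nor non-NULL is enforced. The removed code zeroed these bytes itself, so every caller now has to supply a buffer; either document in keymat.h that `reserved` must point to three readable bytes, or keep the old behaviour for NULL with `if (reserved) memcpy(chunk.ptr + 1, reserved, 3); else memset(chunk.ptr + 1, 0, 3);`. get_psk_sig() in the following hunks passes `reserved` straight through, so the same contract applies there. get_auth_octets() begins in the previous hunk and continues past this one.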
@@ -117,19 +117,12 @@ struct keymat_t { * @param ike_sa_init encoded ike_sa_init message * @param nonce nonce value * @param id identity -<<<<<<< HEAD - * @return authentication octets - */ - chunk_t (*get_auth_octets)(keymat_t *this, bool verify, chunk_t ike_sa_init, - chunk_t nonce, identification_t *id); -======= * @param reserved reserved bytes of id_payload * @return authentication octets */ chunk_t (*get_auth_octets)(keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce, identification_t *id, char reserved[3]); ->>>>>>> upstream/4.5.1 /** * Build the shared secret signature used for PSK and EAP authentication. * @@ -142,19 +135,12 @@ struct keymat_t { * @param nonce nonce value * @param secret optional secret to include into signature * @param id identity -<<<<<<< HEAD - * @return signature octets - */ - chunk_t (*get_psk_sig)(keymat_t *this, bool verify, chunk_t ike_sa_init, - chunk_t nonce, chunk_t secret, identification_t *id); -======= * @param reserved reserved bytes of id_payload * @return signature octets */ chunk_t (*get_psk_sig)(keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce, chunk_t secret, identification_t *id, char reserved[3]); ->>>>>>> upstream/4.5.1 /** * Destroy a keymat_t. */ diff --git a/src/libcharon/sa/task_manager.c b/src/libcharon/sa/task_manager.c index 97c5510f2..f07d2e384 100644 --- a/src/libcharon/sa/task_manager.c +++ b/src/libcharon/sa/task_manager.c @@ -161,12 +161,12 @@ static void flush(private_task_manager_t *this) { this->queued_tasks->destroy_offset(this->queued_tasks, offsetof(task_t, destroy)); + this->queued_tasks = linked_list_create(); this->passive_tasks->destroy_offset(this->passive_tasks, offsetof(task_t, destroy)); + this->passive_tasks = linked_list_create(); this->active_tasks->destroy_offset(this->active_tasks, offsetof(task_t, destroy)); - this->queued_tasks = linked_list_create(); - this->passive_tasks = linked_list_create(); this->active_tasks = linked_list_create(); } 
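Review bot: In flush() in task_manager.c, each list pointer still refers to the list being torn down while `destroy_offset()` runs the tasks' destroy callbacks, so the reordering protects a callback from the other lists' stale pointers but not from its own. If the intent is that a task destroyed here may reach back into the task manager (an assumption; the callbacks are not in this hunk), swapping first closes the gap: `list = this->queued_tasks; this->queued_tasks = linked_list_create(); list->destroy_offset(list, offsetof(task_t, destroy));`, and likewise for `passive_tasks` and `active_tasks`. A one-line comment stating why each create follows its destroy directly would also keep a later cleanup from regrouping the lines.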
@@ -465,10 +465,6 @@ METHOD(task_manager_t, initiate, status_t, /* update exchange type if a task changed it */ this->initiating.type = message->get_exchange_type(message); -<<<<<<< HEAD - charon->bus->message(charon->bus, message, FALSE); -======= ->>>>>>> upstream/4.5.1 status = this->ike_sa->generate_message(this->ike_sa, message, &this->initiating.packet); if (status != SUCCESS) @@ -549,7 +545,7 @@ static status_t process_response(private_task_manager_t *this, /** * handle exchange collisions */ -static void handle_collisions(private_task_manager_t *this, task_t *task) +static bool handle_collisions(private_task_manager_t *this, task_t *task) { iterator_t *iterator; task_t *active; @@ -588,12 +584,11 @@ static void handle_collisions(private_task_manager_t *this, task_t *task) continue; } iterator->destroy(iterator); - return; + return TRUE; } iterator->destroy(iterator); } - /* destroy task if not registered in any active task */ - task->destroy(task); + return FALSE; } /** @@ -627,9 +622,17 @@ static status_t build_response(private_task_manager_t *this, message_t *request) case SUCCESS: /* task completed, remove it */ iterator->remove(iterator); - handle_collisions(this, task); + if (!handle_collisions(this, task)) + { + task->destroy(task); + } + break; case NEED_MORE: /* processed, but task needs another exchange */ + if (handle_collisions(this, task)) + { + iterator->remove(iterator); + } break; case FAILED: default: @@ -657,10 +660,6 @@ static status_t build_response(private_task_manager_t *this, message_t *request) /* message complete, send it */ DESTROY_IF(this->responding.packet); this->responding.packet = NULL; -<<<<<<< HEAD - charon->bus->message(charon->bus, message, FALSE); -======= ->>>>>>> upstream/4.5.1 status = this->ike_sa->generate_message(this->ike_sa, message, &this->responding.packet); message->destroy(message); 
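Review bot: handle_collisions() now returns `bool`, but its comment is still only "handle exchange collisions"; the return value decides who frees the task, so it needs to be documented. In build_response() a FALSE return makes the caller run `task->destroy(task)` in the SUCCESS case, while a TRUE return in the NEED_MORE case removes the task from the iterator without destroying it, which is only safe if TRUE means an active task has taken the task over. A comment such as `/** handle exchange collisions; returns TRUE if an active task adopted the task, FALSE if the caller still owns it */` would make that contract explicit and guard against a double free or a leak in later changes. handle_collisions() starts in the @@ -549 hunk and part of its loop body lies outside the hunks.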
@@ -888,17 +887,12 @@ static status_t process_request(private_task_manager_t *this, METHOD(task_manager_t, process_message, status_t, private_task_manager_t *this, message_t *msg) { -<<<<<<< HEAD - u_int32_t mid = msg->get_message_id(msg); - host_t *me = msg->get_destination(msg), *other = msg->get_source(msg); -======= host_t *me, *other; u_int32_t mid; mid = msg->get_message_id(msg); me = msg->get_destination(msg); other = msg->get_source(msg); ->>>>>>> upstream/4.5.1 if (msg->get_request(msg)) { @@ -910,12 +904,6 @@ METHOD(task_manager_t, process_message, status_t, { /* only do host updates based on verified messages */ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE)) { /* with MOBIKE, we do no implicit updates */ -<<<<<<< HEAD - this->ike_sa->update_hosts(this->ike_sa, me, other); - } - } - charon->bus->message(charon->bus, msg, TRUE); -======= this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1); } } @@ -924,7 +912,6 @@ METHOD(task_manager_t, process_message, status_t, { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */ return SUCCESS; } ->>>>>>> upstream/4.5.1 if (process_request(this, msg) != SUCCESS) { flush(this); @@ -935,26 +922,15 @@ METHOD(task_manager_t, process_message, status_t, else if ((mid == this->responding.mid - 1) && this->responding.packet) { packet_t *clone; -<<<<<<< HEAD - host_t *me, *other; -======= host_t *host; ->>>>>>> upstream/4.5.1 DBG1(DBG_IKE, "received retransmit of request with ID %d, " "retransmitting response", mid); clone = this->responding.packet->clone(this->responding.packet); -<<<<<<< HEAD - me = msg->get_destination(msg); - other = msg->get_source(msg); - clone->set_source(clone, me->clone(me)); - clone->set_destination(clone, other->clone(other)); -======= host = msg->get_destination(msg); clone->set_source(clone, host->clone(host)); host = msg->get_source(msg); clone->set_destination(clone, host->clone(host)); ->>>>>>> upstream/4.5.1 charon->sender->send(charon->sender, clone); } else 
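Review bot: The fourth argument in `this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1);` is a bare comparison whose meaning cannot be read from the call; the response branch in a later hunk passes `FALSE` in the same position. A short comment, or a named local such as `bool force = (mid == 1);` (name to be matched to update_hosts()' parameter, which is not visible here), would say why message ID 1 is treated differently. Because this decides when the peer's addresses are updated from an incoming request, the reason belongs next to the check. process_message() continues beyond this hunk.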
@@ -973,12 +949,6 @@ METHOD(task_manager_t, process_message, status_t, { /* only do host updates based on verified messages */ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE)) { /* with MOBIKE, we do no implicit updates */ -<<<<<<< HEAD - this->ike_sa->update_hosts(this->ike_sa, me, other); - } - } - charon->bus->message(charon->bus, msg, TRUE); -======= this->ike_sa->update_hosts(this->ike_sa, me, other, FALSE); } } @@ -987,7 +957,6 @@ METHOD(task_manager_t, process_message, status_t, { /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */ return SUCCESS; } ->>>>>>> upstream/4.5.1 if (process_response(this, msg) != SUCCESS) { flush(this); @@ -1050,8 +1019,6 @@ METHOD(task_manager_t, busy, bool, return (this->active_tasks->get_count(this->active_tasks) > 0); } -<<<<<<< HEAD -======= METHOD(task_manager_t, incr_mid, void, private_task_manager_t *this, bool initiate) { @@ -1065,7 +1032,6 @@ METHOD(task_manager_t, incr_mid, void, } } ->>>>>>> upstream/4.5.1 METHOD(task_manager_t, reset, void, private_task_manager_t *this, u_int32_t initiate, u_int32_t respond) { @@ -1149,10 +1115,7 @@ task_manager_t *task_manager_create(ike_sa_t *ike_sa) .queue_task = _queue_task, .initiate = _initiate, .retransmit = _retransmit, -<<<<<<< HEAD -======= .incr_mid = _incr_mid, ->>>>>>> upstream/4.5.1 .reset = _reset, .adopt_tasks = _adopt_tasks, .busy = _busy, diff --git a/src/libcharon/sa/task_manager.h b/src/libcharon/sa/task_manager.h index f5dcc8977..5bc6c80c4 100644 --- a/src/libcharon/sa/task_manager.h +++ b/src/libcharon/sa/task_manager.h @@ -149,8 +149,6 @@ struct task_manager_t { void (*adopt_tasks) (task_manager_t *this, task_manager_t *other); /** -<<<<<<< HEAD -======= * Increment a message ID counter, in- or outbound. * * If a message is processed outside of the manager, this call increments 
@@ -161,7 +159,6 @@ struct task_manager_t { void (*incr_mid)(task_manager_t *this, bool initiate); /** ->>>>>>> upstream/4.5.1 * Reset message ID counters of the task manager. * * The IKEv2 protocol requires to restart exchanges with message IDs diff --git a/src/libcharon/sa/tasks/child_create.c b/src/libcharon/sa/tasks/child_create.c index 16f7b6d81..fc02a334b 100644 --- a/src/libcharon/sa/tasks/child_create.c +++ b/src/libcharon/sa/tasks/child_create.c @@ -117,14 +117,11 @@ struct private_child_create_t { ipsec_mode_t mode; /** -<<<<<<< HEAD -======= * peer accepts TFC padding for this SA */ bool tfcv3; /** ->>>>>>> upstream/4.5.1 * IPComp transform to use */ ipcomp_transform_t ipcomp; @@ -463,19 +460,6 @@ static status_t select_and_install(private_child_create_t *this, { if (this->initiator) { -<<<<<<< HEAD - status_i = this->child_sa->install(this->child_sa, encr_r, integ_r, - this->my_spi, this->my_cpi, TRUE, my_ts, other_ts); - status_o = this->child_sa->install(this->child_sa, encr_i, integ_i, - this->other_spi, this->other_cpi, FALSE, my_ts, other_ts); - } - else - { - status_i = this->child_sa->install(this->child_sa, encr_i, integ_i, - this->my_spi, this->my_cpi, TRUE, my_ts, other_ts); - status_o = this->child_sa->install(this->child_sa, encr_r, integ_r, - this->other_spi, this->other_cpi, FALSE, my_ts, other_ts); -======= status_i = this->child_sa->install(this->child_sa, encr_r, integ_r, this->my_spi, this->my_cpi, TRUE, this->tfcv3, my_ts, other_ts); @@ -491,7 +475,6 @@ static status_t select_and_install(private_child_create_t *this, status_o = this->child_sa->install(this->child_sa, encr_r, integ_r, this->other_spi, this->other_cpi, FALSE, this->tfcv3, my_ts, other_ts); ->>>>>>> upstream/4.5.1 } } chunk_clear(&integ_i); @@ -657,9 +640,6 @@ static void handle_notify(private_child_create_t *this, notify_payload_t *notify ipcomp_transform_names, ipcomp); break; } -<<<<<<< HEAD - } -======= break; } case ESP_TFC_PADDING_NOT_SUPPORTED: 
@@ -667,7 +647,6 @@ static void handle_notify(private_child_create_t *this, notify_payload_t *notify notify_type_names, notify->get_notify_type(notify)); this->tfcv3 = FALSE; break; ->>>>>>> upstream/4.5.1 default: break; } @@ -727,15 +706,8 @@ static void process_payloads(private_child_create_t *this, message_t *message) enumerator->destroy(enumerator); } -<<<<<<< HEAD -/** - * Implementation of task_t.build for initiator - */ -static status_t build_i(private_child_create_t *this, message_t *message) -======= METHOD(task_t, build_i, status_t, private_child_create_t *this, message_t *message) ->>>>>>> upstream/4.5.1 { host_t *me, *other, *vip; peer_cfg_t *peer_cfg; @@ -872,15 +844,8 @@ METHOD(task_t, build_i, status_t, return NEED_MORE; } -<<<<<<< HEAD -/** - * Implementation of task_t.process for responder - */ -static status_t process_r(private_child_create_t *this, message_t *message) -======= METHOD(task_t, process_r, status_t, private_child_create_t *this, message_t *message) ->>>>>>> upstream/4.5.1 { switch (message->get_exchange_type(message)) { @@ -923,15 +888,8 @@ static void handle_child_sa_failure(private_child_create_t *this, } } -<<<<<<< HEAD -/** - * Implementation of task_t.build for responder - */ -static status_t build_r(private_child_create_t *this, message_t *message) -======= METHOD(task_t, build_r, status_t, private_child_create_t *this, message_t *message) ->>>>>>> upstream/4.5.1 { peer_cfg_t *peer_cfg; payload_t *payload; @@ -1009,11 +967,7 @@ METHOD(task_t, build_r, status_t, case INTERNAL_ADDRESS_FAILURE: case FAILED_CP_REQUIRED: { -<<<<<<< HEAD - DBG1(DBG_IKE,"configuration payload negotation " -======= DBG1(DBG_IKE,"configuration payload negotiation " ->>>>>>> upstream/4.5.1 "failed, no CHILD_SA built"); enumerator->destroy(enumerator); handle_child_sa_failure(this, message); 
@@ -1084,15 +1038,8 @@ METHOD(task_t, build_r, status_t, return SUCCESS; } -<<<<<<< HEAD -/** - * Implementation of task_t.process for initiator - */ -static status_t process_i(private_child_create_t *this, message_t *message) -======= METHOD(task_t, process_i, status_t, private_child_create_t *this, message_t *message) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; payload_t *payload; @@ -1163,9 +1110,6 @@ METHOD(task_t, process_i, status_t, return NEED_MORE; } default: -<<<<<<< HEAD - break; -======= { if (message->get_exchange_type(message) == CREATE_CHILD_SA) { /* handle notifies if not handled in IKE_AUTH */ @@ -1181,7 +1125,6 @@ METHOD(task_t, process_i, status_t, } break; } ->>>>>>> upstream/4.5.1 } } } @@ -1233,49 +1176,20 @@ METHOD(task_t, process_i, status_t, return SUCCESS; } -<<<<<<< HEAD -/** - * Implementation of task_t.get_type - */ -static task_type_t get_type(private_child_create_t *this) -{ - return CHILD_CREATE; -} - -/** - * Implementation of child_create_t.use_reqid - */ -static void use_reqid(private_child_create_t *this, u_int32_t reqid) -======= METHOD(child_create_t, use_reqid, void, private_child_create_t *this, u_int32_t reqid) ->>>>>>> upstream/4.5.1 { this->reqid = reqid; } -<<<<<<< HEAD -/** - * Implementation of child_create_t.get_child - */ -static child_sa_t* get_child(private_child_create_t *this) -======= METHOD(child_create_t, get_child, child_sa_t*, private_child_create_t *this) ->>>>>>> upstream/4.5.1 { return this->child_sa; } -<<<<<<< HEAD -/** - * Implementation of child_create_t.get_lower_nonce - */ -static chunk_t get_lower_nonce(private_child_create_t *this) -======= METHOD(child_create_t, get_lower_nonce, chunk_t, private_child_create_t *this) ->>>>>>> upstream/4.5.1 { if (memcmp(this->my_nonce.ptr, this->other_nonce.ptr, min(this->my_nonce.len, this->other_nonce.len)) < 0) 
@@ -1288,12 +1202,6 @@ METHOD(child_create_t, get_lower_nonce, chunk_t, } } -<<<<<<< HEAD -/** - * Implementation of task_t.migrate - */ -static void migrate(private_child_create_t *this, ike_sa_t *ike_sa) -======= METHOD(task_t, get_type, task_type_t, private_child_create_t *this) { @@ -1302,7 +1210,6 @@ METHOD(task_t, get_type, task_type_t, METHOD(task_t, migrate, void, private_child_create_t *this, ike_sa_t *ike_sa) ->>>>>>> upstream/4.5.1 { chunk_free(&this->my_nonce); chunk_free(&this->other_nonce); @@ -1338,15 +1245,8 @@ METHOD(task_t, migrate, void, this->established = FALSE; } -<<<<<<< HEAD -/** - * Implementation of task_t.destroy - */ -static void destroy(private_child_create_t *this) -======= METHOD(task_t, destroy, void, private_child_create_t *this) ->>>>>>> upstream/4.5.1 { chunk_free(&this->my_nonce); chunk_free(&this->other_nonce); @@ -1382,20 +1282,6 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config, bool rekey, traffic_selector_t *tsi, traffic_selector_t *tsr) { -<<<<<<< HEAD - private_child_create_t *this = malloc_thing(private_child_create_t); - - this->public.get_child = (child_sa_t*(*)(child_create_t*))get_child; - this->public.get_lower_nonce = (chunk_t(*)(child_create_t*))get_lower_nonce; - this->public.use_reqid = (void(*)(child_create_t*,u_int32_t))use_reqid; - this->public.task.get_type = (task_type_t(*)(task_t*))get_type; - this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; - this->public.task.destroy = (void(*)(task_t*))destroy; - if (config) - { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; -======= private_child_create_t *this; INIT(this, 
@@ -1426,49 +1312,15 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, { this->public.task.build = _build_i; this->public.task.process = _process_i; ->>>>>>> upstream/4.5.1 this->initiator = TRUE; config->get_ref(config); } else { -<<<<<<< HEAD - this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; - this->initiator = FALSE; - } - - this->ike_sa = ike_sa; - this->config = config; - this->my_nonce = chunk_empty; - this->other_nonce = chunk_empty; - this->proposals = NULL; - this->proposal = NULL; - this->tsi = NULL; - this->tsr = NULL; - this->packet_tsi = tsi ? tsi->clone(tsi) : NULL; - this->packet_tsr = tsr ? tsr->clone(tsr) : NULL; - this->dh = NULL; - this->dh_group = MODP_NONE; - this->keymat = ike_sa->get_keymat(ike_sa); - this->child_sa = NULL; - this->mode = MODE_TUNNEL; - this->ipcomp = IPCOMP_NONE; - this->ipcomp_received = IPCOMP_NONE; - this->my_spi = 0; - this->other_spi = 0; - this->my_cpi = 0; - this->other_cpi = 0; - this->reqid = 0; - this->established = FALSE; - this->rekey = rekey; - -======= this->public.task.build = _build_r; this->public.task.process = _process_r; this->initiator = FALSE; } ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/sa/tasks/child_delete.c b/src/libcharon/sa/tasks/child_delete.c index 45e97e4cd..e6834a93c 100644 --- a/src/libcharon/sa/tasks/child_delete.c +++ b/src/libcharon/sa/tasks/child_delete.c @@ -163,6 +163,7 @@ static void process_payloads(private_child_delete_t *this, message_t *message) protocol, spi); continue; } + /* fall through */ case CHILD_INSTALLED: if (!this->initiator) { /* reestablish installed children if required */ diff --git a/src/libcharon/sa/tasks/child_rekey.c b/src/libcharon/sa/tasks/child_rekey.c index 5ffe49293..b39a5fc67 100644 --- a/src/libcharon/sa/tasks/child_rekey.c +++ b/src/libcharon/sa/tasks/child_rekey.c 
@@ -241,20 +241,11 @@ static child_sa_t *handle_collision(private_child_rekey_t *this) /* if we have the lower nonce, delete rekeyed SA. If not, delete * the redundant. */ if (memcmp(this_nonce.ptr, other_nonce.ptr, -<<<<<<< HEAD - min(this_nonce.len, other_nonce.len)) < 0) - { - child_sa_t *child_sa; - - DBG1(DBG_IKE, "CHILD_SA rekey collision won, " - "deleting rekeyed child"); -======= min(this_nonce.len, other_nonce.len)) > 0) { child_sa_t *child_sa; DBG1(DBG_IKE, "CHILD_SA rekey collision won, deleting old child"); ->>>>>>> upstream/4.5.1 to_delete = this->child_sa; /* don't touch child other created, it has already been deleted */ if (!this->other_child_destroyed) @@ -267,11 +258,7 @@ static child_sa_t *handle_collision(private_child_rekey_t *this) else { DBG1(DBG_IKE, "CHILD_SA rekey collision lost, " -<<<<<<< HEAD - "deleting redundant child"); -======= "deleting rekeyed child"); ->>>>>>> upstream/4.5.1 to_delete = this->child_create->get_child(this->child_create); } } @@ -395,7 +382,7 @@ static void collide(private_child_rekey_t *this, task_t *other) if (other->get_type(other) == CHILD_REKEY) { private_child_rekey_t *rekey = (private_child_rekey_t*)other; - if (rekey == NULL || rekey->child_sa != this->child_sa) + if (rekey->child_sa != this->child_sa) { /* not the same child => no collision */ other->destroy(other); @@ -412,7 +399,7 @@ static void collide(private_child_rekey_t *this, task_t *other) other->destroy(other); return; } - if (del == NULL || del->get_child(del) != this->child_sa) + if (del->get_child(del) != this->child_sa) { /* not the same child => no collision */ other->destroy(other); @@ -425,6 +412,8 @@ static void collide(private_child_rekey_t *this, task_t *other) other->destroy(other); return; } + DBG1(DBG_IKE, "detected %N collision with %N", task_type_names, CHILD_REKEY, + task_type_names, other->get_type(other)); DESTROY_IF(this->collision); this->collision = other; } 
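Review bot: The comment kept above the `memcmp()` in handle_collision still reads "if we have the lower nonce, delete rekeyed SA", but the new side tests `> 0` and logs "collision won, deleting old child" in that branch, so comment and code now say opposite things. I would reword it to `/* if our nonce is the higher one we won: delete the old child. If not, delete the child our own rekey created */`. Because only `min(this_nonce.len, other_nonce.len)` bytes are compared, a nonce that is a prefix of the other compares equal and takes the "lost" branch; if both peers can end up there, that deserves a sentence in the comment as well. The same stale comment sits above the inverted comparison in process_i of ike_rekey.c further down. handle_collision starts and ends outside this hunk.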
diff --git a/src/libcharon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c index fbc177d6f..0756c7d60 100644 --- a/src/libcharon/sa/tasks/ike_auth.c +++ b/src/libcharon/sa/tasks/ike_auth.c @@ -68,14 +68,11 @@ struct private_ike_auth_t { packet_t *other_packet; /** -<<<<<<< HEAD -======= * Reserved bytes of ID payload */ char reserved[3]; /** ->>>>>>> upstream/4.5.1 * currently active authenticator, to authenticate us */ authenticator_t *my_auth; @@ -109,14 +106,11 @@ struct private_ike_auth_t { * should we send a AUTHENTICATION_FAILED notify? */ bool authentication_failed; -<<<<<<< HEAD -======= /** * received an INITIAL_CONTACT? */ bool initial_contact; ->>>>>>> upstream/4.5.1 }; /** @@ -176,8 +170,6 @@ static status_t collect_other_init_data(private_ike_auth_t *this, } /** -<<<<<<< HEAD -======= * Get and store reserved bytes of id_payload, required for AUTH payload */ static void get_reserved_id_bytes(private_ike_auth_t *this, id_payload_t *id) @@ -196,7 +188,6 @@ static void get_reserved_id_bytes(private_ike_auth_t *this, id_payload_t *id) } /** ->>>>>>> upstream/4.5.1 * Get the next authentication configuration */ static auth_cfg_t *get_auth_cfg(private_ike_auth_t *this, bool local) @@ -366,15 +357,8 @@ static bool update_cfg_candidates(private_ike_auth_t *this, bool strict) return this->peer_cfg != NULL; } -<<<<<<< HEAD -/** - * Implementation of task_t.build for initiator - */ -static status_t build_i(private_ike_auth_t *this, message_t *message) -======= METHOD(task_t, build_i, status_t, private_ike_auth_t *this, message_t *message) ->>>>>>> upstream/4.5.1 { auth_cfg_t *cfg; @@ -409,11 +393,7 @@ METHOD(task_t, build_i, status_t, /* check if an authenticator is in progress */ if (this->my_auth == NULL) { -<<<<<<< HEAD - identification_t *id; -======= identification_t *idi, *idr = NULL; ->>>>>>> upstream/4.5.1 id_payload_t *id_payload; /* clean up authentication config from a previous round */ 
@@ -424,44 +404,24 @@ METHOD(task_t, build_i, status_t, cfg = get_auth_cfg(this, FALSE); if (cfg) { -<<<<<<< HEAD - id = cfg->get(cfg, AUTH_RULE_IDENTITY); - if (id && !id->contains_wildcards(id)) - { - this->ike_sa->set_other_id(this->ike_sa, id->clone(id)); - id_payload = id_payload_create_from_identification( - ID_RESPONDER, id); -======= idr = cfg->get(cfg, AUTH_RULE_IDENTITY); if (idr && !idr->contains_wildcards(idr)) { this->ike_sa->set_other_id(this->ike_sa, idr->clone(idr)); id_payload = id_payload_create_from_identification( ID_RESPONDER, idr); ->>>>>>> upstream/4.5.1 message->add_payload(message, (payload_t*)id_payload); } } /* add IDi */ cfg = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE); cfg->merge(cfg, get_auth_cfg(this, TRUE), TRUE); -<<<<<<< HEAD - id = cfg->get(cfg, AUTH_RULE_IDENTITY); - if (!id) -======= idi = cfg->get(cfg, AUTH_RULE_IDENTITY); if (!idi) ->>>>>>> upstream/4.5.1 { DBG1(DBG_CFG, "configuration misses IDi"); return FAILED; } -<<<<<<< HEAD - this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); - id_payload = id_payload_create_from_identification(ID_INITIATOR, id); - message->add_payload(message, (payload_t*)id_payload); - -======= this->ike_sa->set_my_id(this->ike_sa, idi->clone(idi)); id_payload = id_payload_create_from_identification(ID_INITIATOR, idi); get_reserved_id_bytes(this, id_payload); @@ -480,17 +440,12 @@ METHOD(task_t, build_i, status_t, } } ->>>>>>> upstream/4.5.1 /* build authentication data */ this->my_auth = authenticator_create_builder(this->ike_sa, cfg, this->other_nonce, this->my_nonce, this->other_packet->get_data(this->other_packet), -<<<<<<< HEAD - this->my_packet->get_data(this->my_packet)); -======= this->my_packet->get_data(this->my_packet), this->reserved); ->>>>>>> upstream/4.5.1 if (!this->my_auth) { return FAILED; 
@@ -527,15 +482,8 @@ METHOD(task_t, build_i, status_t, return NEED_MORE; } -<<<<<<< HEAD -/** - * Implementation of task_t.process for responder - */ -static status_t process_r(private_ike_auth_t *this, message_t *message) -======= METHOD(task_t, process_r, status_t, private_ike_auth_t *this, message_t *message) ->>>>>>> upstream/4.5.1 { auth_cfg_t *cfg, *cand; id_payload_t *id_payload; @@ -589,10 +537,7 @@ METHOD(task_t, process_r, status_t, return FAILED; } id = id_payload->get_identification(id_payload); -<<<<<<< HEAD -======= get_reserved_id_bytes(this, id_payload); ->>>>>>> upstream/4.5.1 this->ike_sa->set_other_id(this->ike_sa, id); cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); cfg->add(cfg, AUTH_RULE_IDENTITY, id->clone(id)); @@ -643,12 +588,8 @@ METHOD(task_t, process_r, status_t, this->other_auth = authenticator_create_verifier(this->ike_sa, message, this->other_nonce, this->my_nonce, this->other_packet->get_data(this->other_packet), -<<<<<<< HEAD - this->my_packet->get_data(this->my_packet)); -======= this->my_packet->get_data(this->my_packet), this->reserved); ->>>>>>> upstream/4.5.1 if (!this->other_auth) { this->authentication_failed = TRUE; @@ -672,12 +613,6 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } -<<<<<<< HEAD - /* store authentication information */ - cfg = auth_cfg_create(); - cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); - this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg); -======= /* If authenticated (with non-EAP) and received INITIAL_CONTACT, * delete any existing IKE_SAs with that peer. */ if (message->get_message_id(message) == 1 && @@ -685,7 +620,6 @@ METHOD(task_t, process_r, status_t, { this->initial_contact = TRUE; } ->>>>>>> upstream/4.5.1 /* another auth round done, invoke authorize hook */ if (!charon->bus->authorize(charon->bus, FALSE)) 
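Review bot: `this->initial_contact = TRUE` is set before `charon->bus->authorize()` has accepted the peer, while the new comment says existing IKE_SAs are deleted only "if authenticated". The flag is consumed outside this hunk (build_r resets it), so whether a peer rejected by the authorize hook can still trigger the cleanup cannot be confirmed from here. Setting the flag after the authorize check, or stating in the comment that build_r acts on it only once authentication has succeeded, would make the ordering safe to read. process_r starts and ends outside the hunk.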
@@ -695,14 +629,11 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } -<<<<<<< HEAD -======= /* store authentication information */ cfg = auth_cfg_create(); cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg); ->>>>>>> upstream/4.5.1 if (!update_cfg_candidates(this, FALSE)) { this->authentication_failed = TRUE; @@ -721,15 +652,8 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } -<<<<<<< HEAD -/** - * Implementation of task_t.build for responder - */ -static status_t build_r(private_ike_auth_t *this, message_t *message) -======= METHOD(task_t, build_r, status_t, private_ike_auth_t *this, message_t *message) ->>>>>>> upstream/4.5.1 { auth_cfg_t *cfg; @@ -785,10 +709,6 @@ METHOD(task_t, build_r, status_t, } id_payload = id_payload_create_from_identification(ID_RESPONDER, id); -<<<<<<< HEAD - message->add_payload(message, (payload_t*)id_payload); - -======= get_reserved_id_bytes(this, id_payload); message->add_payload(message, (payload_t*)id_payload); @@ -799,7 +719,6 @@ METHOD(task_t, build_r, status_t, this->initial_contact = FALSE; } ->>>>>>> upstream/4.5.1 if ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS) == AUTH_CLASS_EAP) { /* EAP-only authentication */ if (!this->ike_sa->supports_extension(this->ike_sa, @@ -818,12 +737,8 @@ METHOD(task_t, build_r, status_t, this->my_auth = authenticator_create_builder(this->ike_sa, cfg, this->other_nonce, this->my_nonce, this->other_packet->get_data(this->other_packet), -<<<<<<< HEAD - this->my_packet->get_data(this->my_packet)); -======= this->my_packet->get_data(this->my_packet), this->reserved); ->>>>>>> upstream/4.5.1 if (!this->my_auth) { message->add_notify(message, TRUE, AUTHENTICATION_FAILED, 
@@ -885,11 +800,7 @@ METHOD(task_t, build_r, status_t, if (!this->do_another_auth && !this->expect_another_auth) { if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager, -<<<<<<< HEAD - this->ike_sa)) -======= this->ike_sa, FALSE)) ->>>>>>> upstream/4.5.1 { DBG1(DBG_IKE, "cancelling IKE_SA setup due uniqueness policy"); message->add_notify(message, TRUE, AUTHENTICATION_FAILED, @@ -917,15 +828,8 @@ METHOD(task_t, build_r, status_t, return NEED_MORE; } -<<<<<<< HEAD -/** - * Implementation of task_t.process for initiator - */ -static status_t process_i(private_ike_auth_t *this, message_t *message) -======= METHOD(task_t, process_i, status_t, private_ike_auth_t *this, message_t *message) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; payload_t *payload; @@ -1007,10 +911,7 @@ METHOD(task_t, process_i, status_t, return FAILED; } id = id_payload->get_identification(id_payload); -<<<<<<< HEAD -======= get_reserved_id_bytes(this, id_payload); ->>>>>>> upstream/4.5.1 this->ike_sa->set_other_id(this->ike_sa, id); cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); cfg->add(cfg, AUTH_RULE_IDENTITY, id->clone(id)); @@ -1021,12 +922,8 @@ METHOD(task_t, process_i, status_t, this->other_auth = authenticator_create_verifier(this->ike_sa, message, this->other_nonce, this->my_nonce, this->other_packet->get_data(this->other_packet), -<<<<<<< HEAD - this->my_packet->get_data(this->my_packet)); -======= this->my_packet->get_data(this->my_packet), this->reserved); ->>>>>>> upstream/4.5.1 if (!this->other_auth) { return FAILED; 
@@ -1052,28 +949,17 @@ METHOD(task_t, process_i, status_t, this->other_auth->destroy(this->other_auth); this->other_auth = NULL; } -<<<<<<< HEAD - /* store authentication information, reset authenticator */ - cfg = auth_cfg_create(); - cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); - this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg); - -======= ->>>>>>> upstream/4.5.1 /* another auth round done, invoke authorize hook */ if (!charon->bus->authorize(charon->bus, FALSE)) { DBG1(DBG_IKE, "authorization forbids IKE_SA, cancelling"); return FAILED; } -<<<<<<< HEAD -======= /* store authentication information, reset authenticator */ cfg = auth_cfg_create(); cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg); ->>>>>>> upstream/4.5.1 } if (this->my_auth) @@ -1134,28 +1020,14 @@ METHOD(task_t, process_i, status_t, return NEED_MORE; } -<<<<<<< HEAD -/** - * Implementation of task_t.get_type - */ -static task_type_t get_type(private_ike_auth_t *this) -======= METHOD(task_t, get_type, task_type_t, private_ike_auth_t *this) ->>>>>>> upstream/4.5.1 { return IKE_AUTHENTICATE; } -<<<<<<< HEAD -/** - * Implementation of task_t.migrate - */ -static void migrate(private_ike_auth_t *this, ike_sa_t *ike_sa) -======= METHOD(task_t, migrate, void, private_ike_auth_t *this, ike_sa_t *ike_sa) ->>>>>>> upstream/4.5.1 { chunk_free(&this->my_nonce); chunk_free(&this->other_nonce); @@ -1178,15 +1050,8 @@ METHOD(task_t, migrate, void, this->candidates = linked_list_create(); } -<<<<<<< HEAD -/** - * Implementation of task_t.destroy - */ -static void destroy(private_ike_auth_t *this) -======= METHOD(task_t, destroy, void, private_ike_auth_t *this) ->>>>>>> upstream/4.5.1 { chunk_free(&this->my_nonce); chunk_free(&this->other_nonce); 
@@ -1204,39 +1069,6 @@ METHOD(task_t, destroy, void, */ ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, bool initiator) { -<<<<<<< HEAD - private_ike_auth_t *this = malloc_thing(private_ike_auth_t); - - this->public.task.get_type = (task_type_t(*)(task_t*))get_type; - this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; - this->public.task.destroy = (void(*)(task_t*))destroy; - - if (initiator) - { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; - } - else - { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; - } - - this->ike_sa = ike_sa; - this->initiator = initiator; - this->my_nonce = chunk_empty; - this->other_nonce = chunk_empty; - this->my_packet = NULL; - this->other_packet = NULL; - this->peer_cfg = NULL; - this->candidates = linked_list_create(); - this->my_auth = NULL; - this->other_auth = NULL; - this->do_another_auth = TRUE; - this->expect_another_auth = TRUE; - this->authentication_failed = FALSE; - -======= private_ike_auth_t *this; INIT(this, @@ -1260,7 +1092,6 @@ ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = _build_i; this->public.task.process = _process_i; } ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libcharon/sa/tasks/ike_cert_pre.c b/src/libcharon/sa/tasks/ike_cert_pre.c index 8da8d549a..a59b8dcce 100644 --- a/src/libcharon/sa/tasks/ike_cert_pre.c +++ b/src/libcharon/sa/tasks/ike_cert_pre.c @@ -76,10 +76,7 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) { certreq_payload_t *certreq = (certreq_payload_t*)payload; enumerator_t *enumerator; -<<<<<<< HEAD -======= u_int unknown = 0; ->>>>>>> upstream/4.5.1 chunk_t keyid; this->ike_sa->set_condition(this->ike_sa, COND_CERTREQ_SEEN, TRUE); 
@@ -107,26 +104,18 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) } else { -<<<<<<< HEAD - DBG1(DBG_IKE, "received cert request for unknown ca " - "with keyid %Y", id); -======= DBG2(DBG_IKE, "received cert request for unknown ca " "with keyid %Y", id); unknown++; ->>>>>>> upstream/4.5.1 } id->destroy(id); } enumerator->destroy(enumerator); -<<<<<<< HEAD -======= if (unknown) { DBG1(DBG_IKE, "received %u cert requests for an unknown ca", unknown); } ->>>>>>> upstream/4.5.1 break; } case NOTIFY: @@ -271,8 +260,6 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message) } break; } -<<<<<<< HEAD -======= case ENC_CRL: cert = cert_payload->get_cert(cert_payload); if (cert) @@ -282,15 +269,10 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message) auth->add(auth, AUTH_HELPER_REVOCATION_CERT, cert); } break; ->>>>>>> upstream/4.5.1 case ENC_PKCS7_WRAPPED_X509: case ENC_PGP: case ENC_DNS_SIGNED_KEY: case ENC_KERBEROS_TOKEN: -<<<<<<< HEAD - case ENC_CRL: -======= ->>>>>>> upstream/4.5.1 case ENC_ARL: case ENC_SPKI: case ENC_X509_ATTRIBUTE: diff --git a/src/libcharon/sa/tasks/ike_config.c b/src/libcharon/sa/tasks/ike_config.c index c92b5bca5..a61663c48 100644 --- a/src/libcharon/sa/tasks/ike_config.c +++ b/src/libcharon/sa/tasks/ike_config.c @@ -317,7 +317,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message) id = this->ike_sa->get_other_eap_id(this->ike_sa); config = this->ike_sa->get_peer_cfg(this->ike_sa); - if (config && this->virtual_ip) + if (this->virtual_ip) { DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip); if (config->get_pool(config)) diff --git a/src/libcharon/sa/tasks/ike_rekey.c b/src/libcharon/sa/tasks/ike_rekey.c index 1698ddd34..c055dabc1 100644 --- a/src/libcharon/sa/tasks/ike_rekey.c +++ b/src/libcharon/sa/tasks/ike_rekey.c 
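Review bot: The new `ENC_CRL` case stores a CRL taken from the peer's CERT payload with `auth->add(auth, AUTH_HELPER_REVOCATION_CERT, cert)`, and nothing visible here says the CRL is still unverified at that point. Presumably the issuer signature is checked when the helper is used during revocation checking, but that happens outside this file section. A comment such as `/* peer-supplied CRL, untrusted until verified against a trusted issuer */` above the `auth->add()` would keep a later reader from treating the helper as authoritative. The case body starts in the previous hunk, and process_certs itself begins and ends outside both.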
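Review bot: Dropping `config &&` leaves `config->get_pool(config)` dereferencing the result of `this->ike_sa->get_peer_cfg(this->ike_sa)` with no NULL check in build_r. If a peer config is always selected before this branch runs, the hunk does not show it; either keep `if (config && this->virtual_ip)` or add a comment stating why the peer config cannot be NULL here. The branch is entered on a virtual IP requested by the peer, so a NULL dereference would be triggered by remote input and the invariant is worth writing down. build_r starts and ends outside the hunk.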
@@ -68,9 +68,45 @@ struct private_ike_rekey_t { }; /** - * Implementation of task_t.build for initiator, after rekeying + * Establish the new replacement IKE_SA */ -static status_t build_i_delete(private_ike_rekey_t *this, message_t *message) +static void establish_new(private_ike_rekey_t *this) +{ + if (this->new_sa) + { + this->new_sa->set_state(this->new_sa, IKE_ESTABLISHED); + DBG0(DBG_IKE, "IKE_SA %s[%d] rekeyed between %H[%Y]...%H[%Y]", + this->new_sa->get_name(this->new_sa), + this->new_sa->get_unique_id(this->new_sa), + this->ike_sa->get_my_host(this->ike_sa), + this->ike_sa->get_my_id(this->ike_sa), + this->ike_sa->get_other_host(this->ike_sa), + this->ike_sa->get_other_id(this->ike_sa)); + + this->new_sa->inherit(this->new_sa, this->ike_sa); + charon->bus->ike_rekey(charon->bus, this->ike_sa, this->new_sa); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, this->new_sa); + this->new_sa = NULL; + /* set threads active IKE_SA after checkin */ + charon->bus->set_sa(charon->bus, this->ike_sa); + } +} + +METHOD(task_t, process_r_delete, status_t, + private_ike_rekey_t *this, message_t *message) +{ + establish_new(this); + return this->ike_delete->task.process(&this->ike_delete->task, message); +} + +METHOD(task_t, build_r_delete, status_t, + private_ike_rekey_t *this, message_t *message) +{ + return this->ike_delete->task.build(&this->ike_delete->task, message); +} + +METHOD(task_t, build_i_delete, status_t, + private_ike_rekey_t *this, message_t *message) { /* update exchange type to INFORMATIONAL for the delete */ message->set_exchange_type(message, INFORMATIONAL); 
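Review bot: establish_new() ignores the return value of `this->new_sa->inherit(this->new_sa, this->ike_sa)`, whereas the destroy() code this commit removes only ran the ike_rekey hook and the checkin when inherit did not return `DESTROY_ME`. If inherit can still fail, the new code announces and checks in an IKE_SA whose takeover did not complete, after already logging it as rekeyed. I would branch on the result and destroy `new_sa` on failure, as sketched below. build_i_delete continues past the end of the hunk.

```c
		/* … unchanged: set_state(IKE_ESTABLISHED) and the DBG0 "rekeyed" message … */
		if (this->new_sa->inherit(this->new_sa, this->ike_sa) == DESTROY_ME)
		{	/* takeover failed: do not announce or check in this SA */
			this->new_sa->destroy(this->new_sa);
		}
		else
		{
			charon->bus->ike_rekey(charon->bus, this->ike_sa, this->new_sa);
			charon->ike_sa_manager->checkin(charon->ike_sa_manager,
											this->new_sa);
		}
		/* … unchanged: this->new_sa = NULL and set_sa() … */
```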
@@ -78,18 +114,14 @@ static status_t build_i_delete(private_ike_rekey_t *this, message_t *message) return this->ike_delete->task.build(&this->ike_delete->task, message); } -/** - * Implementation of task_t.process for initiator, after rekeying - */ -static status_t process_i_delete(private_ike_rekey_t *this, message_t *message) +METHOD(task_t, process_i_delete, status_t, + private_ike_rekey_t *this, message_t *message) { return this->ike_delete->task.process(&this->ike_delete->task, message); } -/** - * Implementation of task_t.build for initiator - */ -static status_t build_i(private_ike_rekey_t *this, message_t *message) +METHOD(task_t, build_i, status_t, + private_ike_rekey_t *this, message_t *message) { peer_cfg_t *peer_cfg; host_t *other_host; @@ -112,10 +144,8 @@ static status_t build_i(private_ike_rekey_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.process for responder - */ -static status_t process_r(private_ike_rekey_t *this, message_t *message) +METHOD(task_t, process_r, status_t, + private_ike_rekey_t *this, message_t *message) { peer_cfg_t *peer_cfg; iterator_t *iterator; @@ -156,10 +186,8 @@ static status_t process_r(private_ike_rekey_t *this, message_t *message) return NEED_MORE; } -/** - * Implementation of task_t.build for responder - */ -static status_t build_r(private_ike_rekey_t *this, message_t *message) +METHOD(task_t, build_r, status_t, + private_ike_rekey_t *this, message_t *message) { if (this->new_sa == NULL) { 
@@ -174,22 +202,17 @@ static status_t build_r(private_ike_rekey_t *this, message_t *message) } this->ike_sa->set_state(this->ike_sa, IKE_REKEYING); - this->new_sa->set_state(this->new_sa, IKE_ESTABLISHED); - DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]", - this->new_sa->get_name(this->new_sa), - this->new_sa->get_unique_id(this->new_sa), - this->ike_sa->get_my_host(this->ike_sa), - this->ike_sa->get_my_id(this->ike_sa), - this->ike_sa->get_other_host(this->ike_sa), - this->ike_sa->get_other_id(this->ike_sa)); - - return SUCCESS; + + /* rekeying successful, delete the IKE_SA using a subtask */ + this->ike_delete = ike_delete_create(this->ike_sa, FALSE); + this->public.task.build = _build_r_delete; + this->public.task.process = _process_r_delete; + + return NEED_MORE; } -/** - * Implementation of task_t.process for initiator - */ -static status_t process_i(private_ike_rekey_t *this, message_t *message) +METHOD(task_t, process_i, status_t, + private_ike_rekey_t *this, message_t *message) { if (message->get_notify(message, NO_ADDITIONAL_SAS)) { @@ -228,15 +251,6 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message) break; } - this->new_sa->set_state(this->new_sa, IKE_ESTABLISHED); - DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]", - this->new_sa->get_name(this->new_sa), - this->new_sa->get_unique_id(this->new_sa), - this->ike_sa->get_my_host(this->ike_sa), - this->ike_sa->get_my_id(this->ike_sa), - this->ike_sa->get_other_host(this->ike_sa), - this->ike_sa->get_other_id(this->ike_sa)); - /* check for collisions */ if (this->collision && this->collision->get_type(this->collision) == IKE_REKEY) 
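Review bot: build_r now returns `NEED_MORE` and swaps in `_build_r_delete`/`_process_r_delete`, but the doc comment was dropped with the conversion to `METHOD()` and nothing explains that the responder's new IKE_SA is no longer marked established here. From the earlier hunk, the responder path reaches establish_new() only through process_r_delete, i.e. once the peer's delete arrives; what happens to `new_sa` if that delete never comes is not visible in this hunk. A comment like `/* new IKE_SA gets established in process_r_delete(), once the peer deletes the old one */` above the subtask setup would document the changed lifecycle. build_r starts outside the hunk.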
@@ -255,53 +269,40 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message) /* if we have the lower nonce, delete rekeyed SA. If not, delete * the redundant. */ if (memcmp(this_nonce.ptr, other_nonce.ptr, -<<<<<<< HEAD - min(this_nonce.len, other_nonce.len)) < 0) -======= min(this_nonce.len, other_nonce.len)) > 0) ->>>>>>> upstream/4.5.1 { /* peer should delete this SA. Add a timeout just in case. */ job_t *job = (job_t*)delete_ike_sa_job_create( other->new_sa->get_id(other->new_sa), TRUE); lib->scheduler->schedule_job(lib->scheduler, job, 10); -<<<<<<< HEAD - DBG1(DBG_IKE, "IKE_SA rekey collision won, deleting rekeyed IKE_SA"); -======= DBG1(DBG_IKE, "IKE_SA rekey collision won, waiting for delete"); ->>>>>>> upstream/4.5.1 charon->ike_sa_manager->checkin(charon->ike_sa_manager, other->new_sa); other->new_sa = NULL; } else { -<<<<<<< HEAD - DBG1(DBG_IKE, "IKE_SA rekey collision lost, deleting redundant IKE_SA"); -======= DBG1(DBG_IKE, "IKE_SA rekey collision lost, " "deleting redundant IKE_SA"); ->>>>>>> upstream/4.5.1 /* apply host for a proper delete */ host = this->ike_sa->get_my_host(this->ike_sa); this->new_sa->set_my_host(this->new_sa, host->clone(host)); host = this->ike_sa->get_other_host(this->ike_sa); this->new_sa->set_other_host(this->new_sa, host->clone(host)); this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); + this->new_sa->set_state(this->new_sa, IKE_REKEYING); if (this->new_sa->delete(this->new_sa) == DESTROY_ME) { - charon->ike_sa_manager->checkin_and_destroy( - charon->ike_sa_manager, this->new_sa); + this->new_sa->destroy(this->new_sa); } else { charon->ike_sa_manager->checkin( charon->ike_sa_manager, this->new_sa); + /* set threads active IKE_SA after checkin */ + charon->bus->set_sa(charon->bus, this->ike_sa); } - /* set threads active IKE_SA after checkin */ - charon->bus->set_sa(charon->bus, this->ike_sa); - /* inherit to other->new_sa in destroy() */ - this->new_sa = other->new_sa; - other->new_sa = NULL; + 
this->new_sa = NULL; + establish_new(other); return SUCCESS; } } @@ -309,32 +310,33 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message) charon->bus->set_sa(charon->bus, this->ike_sa); } + establish_new(this); + /* rekeying successful, delete the IKE_SA using a subtask */ this->ike_delete = ike_delete_create(this->ike_sa, TRUE); - this->public.task.build = (status_t(*)(task_t*,message_t*))build_i_delete; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_i_delete; + this->public.task.build = _build_i_delete; + this->public.task.process = _process_i_delete; return NEED_MORE; } -/** - * Implementation of task_t.get_type - */ -static task_type_t get_type(private_ike_rekey_t *this) +METHOD(task_t, get_type, task_type_t, + private_ike_rekey_t *this) { return IKE_REKEY; } -static void collide(private_ike_rekey_t* this, task_t *other) +METHOD(ike_rekey_t, collide, void, + private_ike_rekey_t* this, task_t *other) { + DBG1(DBG_IKE, "detected %N collision with %N", task_type_names, IKE_REKEY, + task_type_names, other->get_type(other)); DESTROY_IF(this->collision); this->collision = other; } -/** - * Implementation of task_t.migrate - */ -static void migrate(private_ike_rekey_t *this, ike_sa_t *ike_sa) +METHOD(task_t, migrate, void, + private_ike_rekey_t *this, ike_sa_t *ike_sa) { if (this->ike_init) { @@ -344,13 +346,7 @@ static void migrate(private_ike_rekey_t *this, ike_sa_t *ike_sa) { this->ike_delete->task.destroy(&this->ike_delete->task); } - if (this->new_sa) - { - charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, - this->new_sa); - /* set threads active IKE_SA after checkin */ - charon->bus->set_sa(charon->bus, this->ike_sa); - } + DESTROY_IF(this->new_sa); DESTROY_IF(this->collision); this->collision = NULL; 
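Review bot: In the "collision lost" branch the added `this->new_sa->set_state(this->new_sa, IKE_REKEYING)` right before `this->new_sa->delete(this->new_sa)` has no explanation, and the state looks odd for an SA that is about to be removed. Presumably it is needed so that delete() still notifies the peer now that process_i no longer sets the new SA to IKE_ESTABLISHED beforehand; if so, say it, for example `/* not established yet, use a state in which delete() informs the peer */`. process_i starts and ends outside the hunk.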
@@ -360,28 +356,9 @@ static void migrate(private_ike_rekey_t *this, ike_sa_t *ike_sa) this->ike_delete = NULL; } -/** - * Implementation of task_t.destroy - */ -static void destroy(private_ike_rekey_t *this) +METHOD(task_t, destroy, void, + private_ike_rekey_t *this) { - if (this->new_sa) - { - if (this->new_sa->get_state(this->new_sa) == IKE_ESTABLISHED && - this->new_sa->inherit(this->new_sa, this->ike_sa) != DESTROY_ME) - { - /* invoke hook if rekeying was successful */ - charon->bus->ike_rekey(charon->bus, this->ike_sa, this->new_sa); - charon->ike_sa_manager->checkin(charon->ike_sa_manager, this->new_sa); - } - else - { - charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, - this->new_sa); - } - /* set threads active IKE_SA after checkin */ - charon->bus->set_sa(charon->bus, this->ike_sa); - } if (this->ike_init) { this->ike_init->task.destroy(&this->ike_init->task); @@ -390,6 +367,7 @@ static void destroy(private_ike_rekey_t *this) { this->ike_delete->task.destroy(&this->ike_delete->task); } + DESTROY_IF(this->new_sa); DESTROY_IF(this->collision); free(this); } 
@@ -399,29 +377,27 @@ static void destroy(private_ike_rekey_t *this) */ ike_rekey_t *ike_rekey_create(ike_sa_t *ike_sa, bool initiator) { - private_ike_rekey_t *this = malloc_thing(private_ike_rekey_t); - - this->public.collide = (void(*)(ike_rekey_t*,task_t*))collide; - this->public.task.get_type = (task_type_t(*)(task_t*))get_type; - this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; - this->public.task.destroy = (void(*)(task_t*))destroy; + private_ike_rekey_t *this; + + INIT(this, + .public = { + .task = { + .get_type = _get_type, + .build = _build_r, + .process = _process_r, + .migrate = _migrate, + .destroy = _destroy, + }, + .collide = _collide, + }, + .ike_sa = ike_sa, + .initiator = initiator, + ); if (initiator) { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; + this->public.task.build = _build_i; + this->public.task.process = _process_i; } - else - { - this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; - this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; - } - - this->ike_sa = ike_sa; - this->new_sa = NULL; - this->ike_init = NULL; - this->ike_delete = NULL; - this->initiator = initiator; - this->collision = NULL; return &this->public; } diff --git a/src/libcharon/tnc/imc/imc_manager.h b/src/libcharon/tnc/imc/imc_manager.h index 634afdbe8..ad83cf552 100644 --- a/src/libcharon/tnc/imc/imc_manager.h +++ b/src/libcharon/tnc/imc/imc_manager.h @@ -49,6 +49,14 @@ struct imc_manager_t { imc_t* (*remove)(imc_manager_t *this, TNC_IMCID id); /** + * Check if an IMC with a given ID is registered with the IMC manager + * + * @param id ID of IMC instance + * @return TRUE if registered + */ + bool (*is_registered)(imc_manager_t *this, TNC_IMCID id); + + /** * Return the preferred language for recommendations * * @return preferred language string 
diff --git a/src/libcharon/tnc/imv/imv_manager.h b/src/libcharon/tnc/imv/imv_manager.h index b5c581a75..0dd2d6253 100644 --- a/src/libcharon/tnc/imv/imv_manager.h +++ b/src/libcharon/tnc/imv/imv_manager.h @@ -50,6 +50,15 @@ struct imv_manager_t { imv_t* (*remove)(imv_manager_t *this, TNC_IMVID id); /** + * Check if an IMV with a given ID is registered with the IMV manager + * + * @param id ID of IMV instance + * @return TRUE if registered + */ + bool (*is_registered)(imv_manager_t *this, TNC_IMVID id); + + + /** * Get the configured recommendation policy * * @return configured recommendation policy @@ -67,11 +76,13 @@ struct imv_manager_t { * Enforce the TNC recommendation on the IKE_SA by either inserting an * allow|isolate group membership rule (TRUE) or by blocking access (FALSE) * - * @param void TNC action recommendation + * @param rec TNC action recommendation + * @param eval TNC evaluation result * @return TRUE for allow|isolate, FALSE for none */ bool (*enforce_recommendation)(imv_manager_t *this, - TNC_IMV_Action_Recommendation rec); + TNC_IMV_Action_Recommendation rec, + TNC_IMV_Evaluation_Result eval); /** * Notify all IMV instances diff --git a/src/libcharon/tnc/tnccs/tnccs.h b/src/libcharon/tnc/tnccs/tnccs.h index c5d6f5ef0..32f065f67 100644 --- a/src/libcharon/tnc/tnccs/tnccs.h +++ b/src/libcharon/tnc/tnccs/tnccs.h @@ -72,8 +72,9 @@ typedef tnccs_t* (*tnccs_constructor_t)(bool is_server); * @param msg message to be added * @param msg_len message length * @param msg_type message type + * @return result code */ -typedef void (*tnccs_send_message_t)(tnccs_t* tncss, TNC_IMCID imc_id, +typedef TNC_Result (*tnccs_send_message_t)(tnccs_t* tncss, TNC_IMCID imc_id, TNC_IMVID imv_id, TNC_BufferReference msg, TNC_UInt32 msg_len, diff --git a/src/libcharon/tnc/tnccs/tnccs_manager.c b/src/libcharon/tnc/tnccs/tnccs_manager.c index 7e522b870..609742dc8 100644 --- a/src/libcharon/tnc/tnccs/tnccs_manager.c +++ b/src/libcharon/tnc/tnccs/tnccs_manager.c 
@@ -215,11 +215,28 @@ METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID, } METHOD(tnccs_manager_t, remove_connection, void, - private_tnccs_manager_t *this, TNC_ConnectionID id) + private_tnccs_manager_t *this, TNC_ConnectionID id, bool is_server) { enumerator_t *enumerator; tnccs_connection_entry_t *entry; + if (is_server) + { + if (charon->imvs) + { + charon->imvs->notify_connection_change(charon->imvs, id, + TNC_CONNECTION_STATE_DELETE); + } + } + else + { + if (charon->imcs) + { + charon->imcs->notify_connection_change(charon->imcs, id, + TNC_CONNECTION_STATE_DELETE); + } + } + this->connection_lock->write_lock(this->connection_lock); enumerator = this->connections->create_enumerator(this->connections); while (enumerator->enumerate(enumerator, &entry)) @@ -254,8 +271,8 @@ METHOD(tnccs_manager_t, request_handshake_retry, TNC_Result, } else { - DBG2(DBG_TNC, "%s %u requests handshake retry for connection ID %u " - "(reason: %u)", is_imc ? "IMC":"IMV", id, reason); + DBG2(DBG_TNC, "%s %u requests handshake retry for Connection ID %u " + "(reason: %u)", is_imc ? "IMC":"IMV", imcv_id, id, reason); } this->connection_lock->read_lock(this->connection_lock); enumerator = this->connections->create_enumerator(this->connections); @@ -279,11 +296,23 @@ METHOD(tnccs_manager_t, send_message, TNC_Result, TNC_BufferReference msg, TNC_UInt32 msg_len, TNC_MessageType msg_type) + { enumerator_t *enumerator; tnccs_connection_entry_t *entry; tnccs_send_message_t send_message = NULL; tnccs_t *tnccs = NULL; + TNC_VendorID msg_vid; + TNC_MessageSubtype msg_subtype; + + msg_vid = (msg_type >> 8) & TNC_VENDORID_ANY; + msg_subtype = msg_type & TNC_SUBTYPE_ANY; + + if (msg_vid == TNC_VENDORID_ANY || msg_subtype == TNC_SUBTYPE_ANY) + { + DBG1(DBG_TNC, "not sending message of invalid type 0x%08x", msg_type); + return TNC_RESULT_INVALID_PARAMETER; + } this->connection_lock->read_lock(this->connection_lock); enumerator = this->connections->create_enumerator(this->connections); 
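Review bot: In `remove_connection` the `TNC_CONNECTION_STATE_DELETE` notification is sent before `connection_lock` is taken and before the list is searched, so IMVs or IMCs are told about the deletion of an `id` that may not be registered, or that another thread removes in between. If the ordering is deliberate (for instance because the callbacks may call back into the manager and would block on the write lock), say so in a comment such as `/* notify first: IMC/IMV callbacks must not run under connection_lock */`. Otherwise, notify only once the entry has been found. The enumeration loop continues past the end of the hunk, so whether a missing entry is reported anywhere cannot be seen here.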
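Review bot: The new type check in `send_message` relies on the packing of `msg_type` (vendor ID above bit 8, subtype in the low byte) and on the all-ones values being wildcards, but nothing in the code says so. A comment above the two assignments would help, for example `/* msg_type = vendor ID << 8 | subtype; the ANY wildcards are only valid when reporting message types, never when sending */`. The hunk also adds an empty line between the parameter list and the opening `{`, which looks unintended. The rest of the function lies outside this hunk.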
@@ -301,9 +330,8 @@ METHOD(tnccs_manager_t, send_message, TNC_Result, if (tnccs && send_message) { - send_message(tnccs, imc_id, imv_id, msg, msg_len, msg_type); - return TNC_RESULT_SUCCESS; - } + return send_message(tnccs, imc_id, imv_id, msg, msg_len, msg_type); + } return TNC_RESULT_FATAL; } diff --git a/src/libcharon/tnc/tnccs/tnccs_manager.h b/src/libcharon/tnc/tnccs/tnccs_manager.h index c02eac03c..34f60029d 100644 --- a/src/libcharon/tnc/tnccs/tnccs_manager.h +++ b/src/libcharon/tnc/tnccs/tnccs_manager.h @@ -82,8 +82,10 @@ struct tnccs_manager_t { * Remove a TNCCS connection using its connection ID. * * @param id ID of the connection to be removed + * @param is_server TNC Server if TRUE, TNC Client if FALSE */ - void (*remove_connection)(tnccs_manager_t *this, TNC_ConnectionID id); + void (*remove_connection)(tnccs_manager_t *this, TNC_ConnectionID id, + bool is_server); /** * Request a handshake retry diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in index f520d5669..47678029f 100644 --- a/src/libfast/Makefile.in +++ b/src/libfast/Makefile.in @@ -217,13 +217,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -244,6 +238,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -262,14 +258,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libfast/request.c b/src/libfast/request.c index b606d3e72..a3db70e82 100644 --- a/src/libfast/request.c +++ b/src/libfast/request.c @@ -120,11 +120,7 @@ static char *getenv_cb(void *null, const char *key) private_request_t *this = (private_request_t*)thread_this->get(thread_this); value = FCGX_GetParam(key, this->req.envp); -<<<<<<< HEAD - return value ? strdup(value) : NULL; -======= return strdupnull(value); ->>>>>>> upstream/4.5.1 } /** @@ -208,8 +204,6 @@ static char* get_query_data(private_request_t *this, char *name) } /** -<<<<<<< HEAD -======= * Implementation of request_t.get_env_var. */ static char* get_env_var(private_request_t *this, char *name) @@ -218,7 +212,6 @@ static char* get_env_var(private_request_t *this, char *name) } /** ->>>>>>> upstream/4.5.1 * Implementation of request_t.read_data. */ static int read_data(private_request_t *this, char *buf, int len) 
@@ -430,10 +423,7 @@ request_t *request_create(int fd, bool debug) this->public.add_cookie = (void(*)(request_t*, char *name, char *value))add_cookie; this->public.get_cookie = (char*(*)(request_t*,char*))get_cookie; this->public.get_query_data = (char*(*)(request_t*, char *name))get_query_data; -<<<<<<< HEAD -======= this->public.get_env_var = (char*(*)(request_t*, char *name))get_env_var; ->>>>>>> upstream/4.5.1 this->public.read_data = (int(*)(request_t*, char*, int))read_data; this->public.session_closed = (bool(*)(request_t*))session_closed; this->public.close_session = (void(*)(request_t*))close_session; diff --git a/src/libfast/request.h b/src/libfast/request.h index 48a82c3be..c9c1f13e2 100644 --- a/src/libfast/request.h +++ b/src/libfast/request.h @@ -86,8 +86,6 @@ struct request_t { char* (*get_query_data)(request_t *this, char *name); /** -<<<<<<< HEAD -======= * Get an arbitrary environment variable. * * @param name name of the environment variable @@ -96,7 +94,6 @@ struct request_t { char* (*get_env_var)(request_t *this, char *name); /** ->>>>>>> upstream/4.5.1 * Read raw POST/PUT data from HTTP request. * * @param buf buffer to read data into diff --git a/src/libfreeswan/Makefile.am b/src/libfreeswan/Makefile.am index d4571ccc7..09f5fe2cd 100644 --- a/src/libfreeswan/Makefile.am +++ b/src/libfreeswan/Makefile.am 
@@ -1,18 +1,10 @@ noinst_LIBRARIES = libfreeswan.a libfreeswan_a_SOURCES = addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c atoasr.c \ -<<<<<<< HEAD - atosa.c atosubnet.c atoul.c copyright.c datatot.c freeswan.h \ - goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \ - keyblobtoid.c pfkey_v2_build.c pfkey_v2_debug.c \ - pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c prng.c rangetoa.c \ - pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c satoa.c \ -======= atosubnet.c atoul.c copyright.c datatot.c freeswan.h \ goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \ pfkey_v2_build.c pfkey_v2_debug.c \ pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c rangetoa.c \ pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c \ ->>>>>>> upstream/4.5.1 satot.c subnetof.c subnettoa.c subnettot.c \ subnettypeof.c ttoaddr.c ttodata.c ttoprotoport.c ttosa.c ttosubnet.c ttoul.c \ ultoa.c ultot.c @@ -22,12 +14,7 @@ INCLUDES = \ -I$(top_srcdir)/src/libhydra \ -I$(top_srcdir)/src/pluto -<<<<<<< HEAD -dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \ - keyblobtoid.3 portof.3 prng.3 rangetosubnet.3 sameaddr.3 subnetof.3 \ -======= dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \ portof.3 rangetosubnet.3 sameaddr.3 subnetof.3 \ ->>>>>>> upstream/4.5.1 ttoaddr.3 ttodata.3 ttosa.3 ttoul.3 diff --git a/src/libfreeswan/Makefile.in b/src/libfreeswan/Makefile.in index 693ead287..d00ae91e0 100644 --- a/src/libfreeswan/Makefile.in +++ b/src/libfreeswan/Makefile.in 
@@ -58,21 +58,6 @@ libfreeswan_a_AR = $(AR) $(ARFLAGS) libfreeswan_a_LIBADD = am_libfreeswan_a_OBJECTS = addrtoa.$(OBJEXT) addrtot.$(OBJEXT) \ addrtypeof.$(OBJEXT) anyaddr.$(OBJEXT) atoaddr.$(OBJEXT) \ -<<<<<<< HEAD - atoasr.$(OBJEXT) atosa.$(OBJEXT) atosubnet.$(OBJEXT) \ - atoul.$(OBJEXT) copyright.$(OBJEXT) datatot.$(OBJEXT) \ - goodmask.$(OBJEXT) initaddr.$(OBJEXT) initsaid.$(OBJEXT) \ - initsubnet.$(OBJEXT) keyblobtoid.$(OBJEXT) \ - pfkey_v2_build.$(OBJEXT) pfkey_v2_debug.$(OBJEXT) \ - pfkey_v2_ext_bits.$(OBJEXT) pfkey_v2_parse.$(OBJEXT) \ - portof.$(OBJEXT) prng.$(OBJEXT) rangetoa.$(OBJEXT) \ - rangetosubnet.$(OBJEXT) sameaddr.$(OBJEXT) satoa.$(OBJEXT) \ - satot.$(OBJEXT) subnetof.$(OBJEXT) subnettoa.$(OBJEXT) \ - subnettot.$(OBJEXT) subnettypeof.$(OBJEXT) ttoaddr.$(OBJEXT) \ - ttodata.$(OBJEXT) ttoprotoport.$(OBJEXT) ttosa.$(OBJEXT) \ - ttosubnet.$(OBJEXT) ttoul.$(OBJEXT) ultoa.$(OBJEXT) \ - ultot.$(OBJEXT) -======= atoasr.$(OBJEXT) atosubnet.$(OBJEXT) atoul.$(OBJEXT) \ copyright.$(OBJEXT) datatot.$(OBJEXT) goodmask.$(OBJEXT) \ initaddr.$(OBJEXT) initsaid.$(OBJEXT) initsubnet.$(OBJEXT) \ @@ -84,7 +69,6 @@ am_libfreeswan_a_OBJECTS = addrtoa.$(OBJEXT) addrtot.$(OBJEXT) \ ttoaddr.$(OBJEXT) ttodata.$(OBJEXT) ttoprotoport.$(OBJEXT) \ ttosa.$(OBJEXT) ttosubnet.$(OBJEXT) ttoul.$(OBJEXT) \ ultoa.$(OBJEXT) ultot.$(OBJEXT) ->>>>>>> upstream/4.5.1 libfreeswan_a_OBJECTS = $(am_libfreeswan_a_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp @@ -248,13 +232,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -275,6 +253,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -293,14 +273,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -310,19 +288,11 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ noinst_LIBRARIES = libfreeswan.a libfreeswan_a_SOURCES = addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c atoasr.c \ -<<<<<<< HEAD - atosa.c atosubnet.c atoul.c copyright.c datatot.c freeswan.h \ - goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \ - keyblobtoid.c pfkey_v2_build.c pfkey_v2_debug.c \ - pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c prng.c rangetoa.c \ - pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c satoa.c \ -======= atosubnet.c atoul.c copyright.c datatot.c freeswan.h \ goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \ pfkey_v2_build.c pfkey_v2_debug.c \ pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c rangetoa.c \ pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c \ ->>>>>>> upstream/4.5.1 satot.c subnetof.c subnettoa.c subnettot.c \ subnettypeof.c ttoaddr.c ttodata.c ttoprotoport.c ttosa.c ttosubnet.c ttoul.c \ ultoa.c ultot.c 
@@ -332,13 +302,8 @@ INCLUDES = \ -I$(top_srcdir)/src/libhydra \ -I$(top_srcdir)/src/pluto -<<<<<<< HEAD -dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \ - keyblobtoid.3 portof.3 prng.3 rangetosubnet.3 sameaddr.3 subnetof.3 \ -======= dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \ portof.3 rangetosubnet.3 sameaddr.3 subnetof.3 \ ->>>>>>> upstream/4.5.1 ttoaddr.3 ttodata.3 ttosa.3 ttoul.3 all: all-am @@ -395,10 +360,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/anyaddr.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/atoaddr.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/atoasr.Po@am__quote@ -<<<<<<< HEAD -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/atosa.Po@am__quote@ -======= ->>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/atosubnet.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/atoul.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/copyright.Po@am__quote@ 
@@ -407,26 +368,14 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initaddr.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initsaid.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initsubnet.Po@am__quote@ -<<<<<<< HEAD -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyblobtoid.Po@am__quote@ -======= ->>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pfkey_v2_build.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pfkey_v2_debug.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pfkey_v2_ext_bits.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pfkey_v2_parse.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/portof.Po@am__quote@ -<<<<<<< HEAD -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prng.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rangetoa.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rangetosubnet.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sameaddr.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/satoa.Po@am__quote@ -======= @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rangetoa.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rangetosubnet.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sameaddr.Po@am__quote@ ->>>>>>> upstream/4.5.1 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/satot.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/subnetof.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/subnettoa.Po@am__quote@ diff --git a/src/libfreeswan/atoaddr.c b/src/libfreeswan/atoaddr.c index 8f1be0a84..a3643801e 100644 --- a/src/libfreeswan/atoaddr.c +++ b/src/libfreeswan/atoaddr.c 
@@ -45,7 +45,7 @@ struct in_addr *addrp; { struct addrinfo hints, *res; struct netent *ne = NULL; - const char *oops; + const char *oops, *msg = NULL; # define HEXLEN 10 /* strlen("0x11223344") */ # ifndef ATOADDRBUF # define ATOADDRBUF 100 @@ -84,10 +84,18 @@ struct in_addr *addrp; /* next, check that it's a vaguely legal name */ for (q = p; *q != '\0'; q++) + { if (!isprint(*q)) - return "unprintable character in name"; + { + msg = "unprintable character in name"; + goto error; + } + } if (strspn(p, namechars) != srclen) - return "illegal (non-DNS-name) character in name"; + { + msg = "illegal (non-DNS-name) character in name"; + goto error; + } /* try as host name, failing that as /etc/networks network name */ memset(&hints, 0, sizeof(hints)); @@ -98,11 +106,8 @@ struct in_addr *addrp; ne = getnetbyname(p); if (ne == NULL) { - if (p != namebuf) - { - FREE(p); - } - return "name lookup failed"; + msg = "name lookup failed"; + goto error; } addrp->s_addr = htonl(ne->n_net); } @@ -113,12 +118,13 @@ struct in_addr *addrp; freeaddrinfo(res); } +error: if (p != namebuf) { FREE(p); } - return NULL; + return msg; } /* diff --git a/src/libfreeswan/copyright.c b/src/libfreeswan/copyright.c index ff4575add..e55e849f7 100644 --- a/src/libfreeswan/copyright.c +++ b/src/libfreeswan/copyright.c 
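Review bot: The loop that the second hunk re-braces still calls `isprint(*q)` on what appears to be a plain `char` from the caller's name string. On platforms where `char` is signed, a byte above 0x7f reaches `isprint` as a negative value, which is undefined behaviour; `if (!isprint((unsigned char)*q))` avoids that. The declaration of `q` is outside the hunks, so confirm its type first. Separately, the label `error:` is also reached on the success path with `msg == NULL`, so a neutral name such as `done:` would describe it better.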
@@ -27,15 +27,6 @@ static const char *co[] = { " Christoph Gysin, Andreas Hess, Patric Lichtsteiner, Michael Meier,", " Andreas Schleiss, Ariane Seiler, Mario Strasser, Lukas Suter,", " Roger Wegmann, Simon Zwahlen,", -<<<<<<< HEAD - " Zuercher Hochschule Winterthur (Switzerland).", - "", - " Philip Boetschi, Tobias Brunner, Adrian Doerig, Andreas Eigenmann,", - " Fabian Hartmann, Noah Heusser, Jan Hutter, Thomas Kallenberg,", - " Daniel Roethlisberger, Joel Stillhart, Martin Willi, Daniel Wydler,", - " Andreas Steffen,", - " Hochschule fuer Technik Rapperswil (Switzerland).", -======= " ZHW Zuercher Hochschule Winterthur (Switzerland).", "", " Philip Boetschi, Tobias Brunner, Sansar Choinyambuu, Adrian Doerig,", @@ -43,7 +34,6 @@ static const char *co[] = { " Thomas Kallenberg, Daniel Roethlisberger, Joel Stillhart, Martin Willi,", " Daniel Wydler, Andreas Steffen,", " HSR Hochschule fuer Technik Rapperswil (Switzerland).", ->>>>>>> upstream/4.5.1 "", "This program is free software; you can redistribute it and/or modify it", "under the terms of the GNU General Public License as published by the", diff --git a/src/libfreeswan/freeswan.h b/src/libfreeswan/freeswan.h index 94a8a5266..724165bde 100644 --- a/src/libfreeswan/freeswan.h +++ b/src/libfreeswan/freeswan.h @@ -158,14 +158,6 @@ err_t ttodatav(const char *src, size_t srclen, int base, size_t datatot(const char *src, size_t srclen, int format, char *buf, size_t buflen); -<<<<<<< HEAD -size_t keyblobtoid(const unsigned char *src, size_t srclen, char *dst, - size_t dstlen); -size_t splitkeytoid(const unsigned char *e, size_t elen, const unsigned char *m, - size_t mlen, char *dst, size_t dstlen); -#define KEYID_BUF 10 /* up to 9 text digits plus NUL */ -======= ->>>>>>> upstream/4.5.1 err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto, u_int16_t *port, bool *has_port_wildcard); 
@@ -209,15 +201,6 @@ void setportof(int port, ip_address *dst); struct sockaddr *sockaddrof(ip_address *src); size_t sockaddrlenof(const ip_address *src); -<<<<<<< HEAD -/* PRNG */ -void prng_init(struct prng *prng, const unsigned char *key, size_t keylen); -void prng_bytes(struct prng *prng, unsigned char *dst, size_t dstlen); -unsigned long prng_count(struct prng *prng); -void prng_final(struct prng *prng); - -======= ->>>>>>> upstream/4.5.1 /* odds and ends */ const char **ipsec_copyright_notice(void); @@ -300,27 +283,6 @@ rangetoa( ); #define RANGETOA_BUF 34 /* large enough for worst case result */ -<<<<<<< HEAD -/* data types for SA conversion functions */ - -/* SAs */ -const char * /* NULL for success, else string literal */ -atosa( - const char *src, - size_t srclen, /* 0 means strlen(src) */ - struct sa_id *sa -); -size_t /* space needed for full conversion */ -satoa( - struct sa_id sa, - int format, /* character; 0 means default */ - char *dst, - size_t dstlen -); -#define SATOA_BUF (3+ULTOA_BUF+ADDRTOA_BUF) - -======= ->>>>>>> upstream/4.5.1 /* generic data, e.g. keys */ const char * /* NULL for success, else string literal */ atobytes( diff --git a/src/libfreeswan/pfkey_v2_debug.c b/src/libfreeswan/pfkey_v2_debug.c index 0217538a0..0762d8f2b 100644 --- a/src/libfreeswan/pfkey_v2_debug.c +++ b/src/libfreeswan/pfkey_v2_debug.c 
@@ -54,10 +54,11 @@ static char *pfkey_sadb_ext_strings[]={ "X-source-mask", /* SADB_X_EXT_ADDRESS_SRC_MASK 23 */ "X-dest-mask", /* SADB_X_EXT_ADDRESS_DST_MASK 24 */ "X-set-debug", /* SADB_X_EXT_DEBUG 25 */ - "X-NAT-T-type", /* SADB_X_EXT_NAT_T_TYPE 26 */ - "X-NAT-T-sport", /* SADB_X_EXT_NAT_T_SPORT 27 */ - "X-NAT-T-dport", /* SADB_X_EXT_NAT_T_DPORT 28 */ - "X-NAT-T-OA", /* SADB_X_EXT_NAT_T_OA 29 */ + "X-protocol", /* SADB_X_EXT_PROTOCOL 26 */ + "X-NAT-T-type", /* SADB_X_EXT_NAT_T_TYPE 27 */ + "X-NAT-T-sport", /* SADB_X_EXT_NAT_T_SPORT 28 */ + "X-NAT-T-dport", /* SADB_X_EXT_NAT_T_DPORT 29 */ + "X-NAT-T-OA", /* SADB_X_EXT_NAT_T_OA 30 */ }; const char * @@ -72,23 +73,24 @@ pfkey_v2_sadb_ext_string(int ext) static char *pfkey_sadb_type_strings[]={ - "reserved", /* SADB_RESERVED */ - "getspi", /* SADB_GETSPI */ - "update", /* SADB_UPDATE */ - "add", /* SADB_ADD */ - "delete", /* SADB_DELETE */ - "get", /* SADB_GET */ - "acquire", /* SADB_ACQUIRE */ - "register", /* SADB_REGISTER */ - "expire", /* SADB_EXPIRE */ - "flush", /* SADB_FLUSH */ - "dump", /* SADB_DUMP */ - "x-promisc", /* SADB_X_PROMISC */ - "x-pchange", /* SADB_X_PCHANGE */ - "x-groupsa", /* SADB_X_GRPSA */ - "x-addflow(eroute)", /* SADB_X_ADDFLOW */ - "x-delflow(eroute)", /* SADB_X_DELFLOW */ - "x-debug", /* SADB_X_DEBUG */ + "reserved", /* SADB_RESERVED */ + "getspi", /* SADB_GETSPI */ + "update", /* SADB_UPDATE */ + "add", /* SADB_ADD */ + "delete", /* SADB_DELETE */ + "get", /* SADB_GET */ + "acquire", /* SADB_ACQUIRE */ + "register", /* SADB_REGISTER */ + "expire", /* SADB_EXPIRE */ + "flush", /* SADB_FLUSH */ + "dump", /* SADB_DUMP */ + "x-promisc", /* SADB_X_PROMISC */ + "x-pchange", /* SADB_X_PCHANGE */ + "x-groupsa", /* SADB_X_GRPSA */ + "x-addflow(eroute)", /* SADB_X_ADDFLOW */ + "x-delflow(eroute)", /* SADB_X_DELFLOW */ + "x-debug", /* SADB_X_DEBUG */ + "x-nat-t-new-mapping", /* SADB_X_NAT_T_NEW_MAPPING */ }; const char * 
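Review bot: Inserting "X-protocol" at position 26 moves the four NAT-T strings down by one, and the only link between a string and its `SADB_X_EXT_*` value is the number in the trailing comment. If the header constants and this table ever disagree, the debug output silently names the wrong extension. Designated initializers would bind each string to its constant, e.g. `[SADB_X_EXT_PROTOCOL] = "X-protocol",`, and the same applies to the new `"x-nat-t-new-mapping"` entry in `pfkey_sadb_type_strings`. The lookup functions' range checks are outside these hunks and should be confirmed to cover the new last index.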
diff --git a/src/libfreeswan/pfkey_v2_parse.c b/src/libfreeswan/pfkey_v2_parse.c index 49d5cdf4a..a143003b3 100644 --- a/src/libfreeswan/pfkey_v2_parse.c +++ b/src/libfreeswan/pfkey_v2_parse.c @@ -1247,6 +1247,7 @@ pfkey_msg_parse(struct sadb_msg *pfkey_msg, pfkey_msg->sadb_msg_type, pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type)); } + /* fall through */ case SADB_ACQUIRE: case SADB_REGISTER: case SADB_EXPIRE: diff --git a/src/libfreeswan/satot.c b/src/libfreeswan/satot.c index e70036482..a3feb1591 100644 --- a/src/libfreeswan/satot.c +++ b/src/libfreeswan/satot.c @@ -77,7 +77,7 @@ size_t dstlen; break; /* NOTE BREAK OUT */ } if (pre == NULL) { /* unknown protocol */ - strcpy(unk, "unk"); + strncpy(unk, "unk", sizeof(unk)); (void) ultot((unsigned char)sa->proto, 10, unk+strlen(unk), sizeof(unk)-strlen(unk)); pre = unk; @@ -86,9 +86,9 @@ size_t dstlen; if (strcmp(pre, PASSTHROUGHTYPE) == 0 && sa->spi == PASSTHROUGHSPI && isunspecaddr(&sa->dst)) { - strcpy(buf, (addrtypeof(&sa->dst) == AF_INET) ? + strncpy(buf, (addrtypeof(&sa->dst) == AF_INET) ? PASSTHROUGH4NAME : - PASSTHROUGH6NAME); + PASSTHROUGH6NAME, sizeof(buf)); len = strlen(buf); } @@ -104,13 +104,13 @@ size_t dstlen; default: p = NULL; break; } if (p != NULL) { - strcpy(buf, p); + strncpy(buf, p, sizeof(buf)); len = strlen(buf); } } if (len == 0) { /* general case needed */ - strcpy(buf, pre); + strncpy(buf, pre, sizeof(buf)); len = strlen(buf); if (showversion) { *(buf+len) = (addrtypeof(&sa->dst) == AF_INET) ? '.' : @@ -126,7 +126,7 @@ size_t dstlen; if (dst != NULL) { if (len > dstlen) *(buf+dstlen-1) = '\0'; - strcpy(dst, buf); + strncpy(dst, buf, dstlen); } return len; } diff --git a/src/libhydra/Makefile.in b/src/libhydra/Makefile.in index 4f65ac93f..08c73b5e3 100644 --- a/src/libhydra/Makefile.in +++ b/src/libhydra/Makefile.in 
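Review bot: In the last satot.c hunk, `strncpy(dst, buf, dstlen)` leaves `dst` without a terminating NUL when `len == dstlen`, because the guard before it truncates `buf` only for `len > dstlen`. The same guard writes to `buf[-1]` when `dstlen` is 0. Replacing both lines with `if (dstlen > 0) snprintf(dst, dstlen, "%s", buf);` truncates and always terminates. The earlier hunks at -77, -86 and -104 follow `strncpy(..., sizeof(...))` directly with `strlen()` on the destination, which is safe only while every source string is shorter than the buffer. `buf` and `unk` are declared outside the hunks, so their sizes should be checked, or the same `snprintf` form used there too.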
@@ -271,13 +271,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -298,6 +292,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -316,14 +312,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c index 894bfb3bb..4b5b41f2b 100644 --- a/src/libhydra/kernel/kernel_interface.c +++ b/src/libhydra/kernel/kernel_interface.c 
@@ -78,29 +78,19 @@ METHOD(kernel_interface_t, get_cpi, status_t, METHOD(kernel_interface_t, add_sa, status_t, private_kernel_interface_t *this, host_t *src, host_t *dst, -<<<<<<< HEAD - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, - mark_t mark, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, -======= u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, ->>>>>>> upstream/4.5.1 u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, - u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts) + u_int16_t cpi, bool encap, bool esn, bool inbound, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { if (!this->ipsec) { return NOT_SUPPORTED; } return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid, -<<<<<<< HEAD - mark, lifetime, enc_alg, enc_key, int_alg, int_key, mode, ipcomp, - cpi, encap, inbound, src_ts, dst_ts); -======= mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode, - ipcomp, cpi, encap, inbound, src_ts, dst_ts); ->>>>>>> upstream/4.5.1 + ipcomp, cpi, encap, esn, inbound, src_ts, dst_ts); } METHOD(kernel_interface_t, update_sa, status_t, diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h index 200628f8c..471a1d5d3 100644 --- a/src/libhydra/kernel/kernel_interface.h +++ b/src/libhydra/kernel/kernel_interface.h @@ -91,10 +91,7 @@ struct kernel_interface_t { * @param protocol protocol for this SA (ESP/AH) * @param reqid unique ID for this SA * @param mark optional mark for this SA -<<<<<<< HEAD -======= * @param tfc Traffic Flow Confidentiality padding for this SA ->>>>>>> upstream/4.5.1 * @param lifetime lifetime_cfg_t for this SA * @param enc_alg Algorithm to use for encryption (ESP only) * @param enc_key key to use for encryption 
@@ -104,6 +101,7 @@ struct kernel_interface_t { * @param ipcomp IPComp transform to use * @param cpi CPI for IPComp * @param encap enable UDP encapsulation for NAT traversal + * @param esn TRUE to use Extended Sequence Numbers * @param inbound TRUE if this is an inbound SA * @param src_ts traffic selector with BEET source address * @param dst_ts traffic selector with BEET destination address @@ -112,15 +110,11 @@ struct kernel_interface_t { status_t (*add_sa) (kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, -<<<<<<< HEAD - lifetime_cfg_t *lifetime, -======= u_int32_t tfc, lifetime_cfg_t *lifetime, ->>>>>>> upstream/4.5.1 u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool encap, bool inbound, + bool encap, bool esn, bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts); /** diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h index 7145dda8e..ef36efd11 100644 --- a/src/libhydra/kernel/kernel_ipsec.h +++ b/src/libhydra/kernel/kernel_ipsec.h @@ -204,10 +204,7 @@ struct kernel_ipsec_t { * @param protocol protocol for this SA (ESP/AH) * @param reqid unique ID for this SA * @param mark mark for this SA -<<<<<<< HEAD -======= * @param tfc Traffic Flow Confidentiality padding for this SA ->>>>>>> upstream/4.5.1 * @param lifetime lifetime_cfg_t for this SA * @param enc_alg Algorithm to use for encryption (ESP only) * @param enc_key key to use for encryption @@ -217,6 +214,7 @@ struct kernel_ipsec_t { * @param ipcomp IPComp transform to use * @param cpi CPI for IPComp * @param encap enable UDP encapsulation for NAT traversal + * @param esn TRUE to use Extended Sequence Numbers * @param inbound TRUE if this is an inbound SA * @param src_ts traffic selector with BEET source address * @param dst_ts traffic selector with BEET destination address 
@@ -225,15 +223,11 @@ struct kernel_ipsec_t { status_t (*add_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, u_int32_t reqid, -<<<<<<< HEAD - mark_t mark, lifetime_cfg_t *lifetime, -======= mark_t mark, u_int32_t tfc, lifetime_cfg_t *lifetime, ->>>>>>> upstream/4.5.1 u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool encap, bool inbound, + bool encap, bool esn, bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts); /** diff --git a/src/libhydra/plugins/attr/Makefile.in b/src/libhydra/plugins/attr/Makefile.in index 45ecb9924..250ac9539 100644 --- a/src/libhydra/plugins/attr/Makefile.in +++ b/src/libhydra/plugins/attr/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libhydra/plugins/attr/attr_plugin.c b/src/libhydra/plugins/attr/attr_plugin.c index 1edb92c1f..cb14495af 100644 
--- a/src/libhydra/plugins/attr/attr_plugin.c +++ b/src/libhydra/plugins/attr/attr_plugin.c @@ -36,15 +36,21 @@ struct private_attr_plugin_t { attr_provider_t *provider; }; -<<<<<<< HEAD -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_attr_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_attr_plugin_t *this) +{ + return "attr"; +} + +METHOD(plugin_t, reload, bool, + private_attr_plugin_t *this) +{ + this->provider->reload(this->provider); + return TRUE; +} + METHOD(plugin_t, destroy, void, private_attr_plugin_t *this) ->>>>>>> upstream/4.5.1 { hydra->attributes->remove_provider(hydra->attributes, &this->provider->provider); this->provider->destroy(this->provider); @@ -56,24 +62,18 @@ METHOD(plugin_t, destroy, void, */ plugin_t *attr_plugin_create() { -<<<<<<< HEAD - private_attr_plugin_t *this = malloc_thing(private_attr_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - this->provider = attr_provider_create(); -======= private_attr_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = _reload, .destroy = _destroy, }, }, .provider = attr_provider_create(), ); ->>>>>>> upstream/4.5.1 hydra->attributes->add_provider(hydra->attributes, &this->provider->provider); return &this->public.plugin; diff --git a/src/libhydra/plugins/attr/attr_provider.c b/src/libhydra/plugins/attr/attr_provider.c index b3c0cc076..44242c259 100644 --- a/src/libhydra/plugins/attr/attr_provider.c +++ b/src/libhydra/plugins/attr/attr_provider.c @@ -21,6 +21,7 @@ #include <hydra.h> #include <debug.h> #include <utils/linked_list.h> +#include <threading/rwlock.h> #define SERVER_MAX 2 @@ -41,6 +42,11 @@ struct private_attr_provider_t { * List of attributes, attribute_entry_t */ linked_list_t *attributes; + + /** + * Lock for attribute list + */ + rwlock_t *lock; }; struct attribute_entry_t { 
@@ -51,6 +57,15 @@ struct attribute_entry_t { }; /** + * Destroy an entry + */ +static void attribute_destroy(attribute_entry_t *this) +{ + free(this->value.ptr); + free(this); +} + +/** * convert enumerator value from attribute_entry */ static bool attr_enum_filter(void *null, attribute_entry_t **in, @@ -61,35 +76,26 @@ static bool attr_enum_filter(void *null, attribute_entry_t **in, return TRUE; } -/** - * Implementation of attribute_provider_t.create_attribute_enumerator - */ -static enumerator_t* create_attribute_enumerator(private_attr_provider_t *this, - char *pool, identification_t *id, host_t *vip) +METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, + private_attr_provider_t *this, char *pool, + identification_t *id, host_t *vip) { if (vip) { + this->lock->read_lock(this->lock); return enumerator_create_filter( - this->attributes->create_enumerator(this->attributes), - (void*)attr_enum_filter, NULL, NULL); + this->attributes->create_enumerator(this->attributes), + (void*)attr_enum_filter, this->lock, (void*)this->lock->unlock); } return enumerator_create_empty(); } -/** - * Implementation of attr_provider_t.destroy - */ -static void destroy(private_attr_provider_t *this) +METHOD(attr_provider_t, destroy, void, + private_attr_provider_t *this) { - attribute_entry_t *entry; - - while (this->attributes->remove_last(this->attributes, - (void**)&entry) == SUCCESS) - { - free(entry->value.ptr); - free(entry); - } - this->attributes->destroy(this->attributes); + this->attributes->destroy_function(this->attributes, + (void*)attribute_destroy); + this->lock->destroy(this->lock); free(this); } 
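Review bot: `create_attribute_enumerator` returns with `this->lock` still read-locked and leaves the release to the `(void*)this->lock->unlock` destructor argument of `enumerator_create_filter`, so the lock stays held for as long as the caller keeps the enumerator. The `reload` method added further down takes the write lock, so it waits for every outstanding enumerator, and a caller that never destroys one would block it indefinitely. A comment at the `read_lock` call would make that contract explicit, for example `/* released by the enumerator's destroy(); callers must not hold it across a reload */`. The destructor behaviour of `enumerator_create_filter` is assumed here, since its definition is not on this page.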
@@ -129,6 +135,8 @@ static void add_legacy_entry(private_attr_provider_t *this, char *key, int nr, entry->type = type; entry->value = chunk_clone(host->get_address(host)); host->destroy(host); + DBG2(DBG_CFG, "loaded legacy entry attribute %N: %#B", + configuration_attribute_type_names, entry->type, &entry->value); this->attributes->insert_last(this->attributes, entry); } } @@ -158,6 +166,13 @@ static void load_entries(private_attr_provider_t *this) { enumerator_t *enumerator, *tokens; char *key, *value, *token; + int i; + + for (i = 1; i <= SERVER_MAX; i++) + { + add_legacy_entry(this, "dns", i, INTERNAL_IP4_DNS); + add_legacy_entry(this, "nbns", i, INTERNAL_IP4_NBNS); + } enumerator = lib->settings->create_key_value_enumerator(lib->settings, "%s.plugins.attr", hydra->daemon); @@ -231,6 +246,8 @@ static void load_entries(private_attr_provider_t *this) } } host->destroy(host); + DBG2(DBG_CFG, "loaded attribute %N: %#B", + configuration_attribute_type_names, entry->type, &entry->value); this->attributes->insert_last(this->attributes, entry); } tokens->destroy(tokens); 
@@ -238,28 +255,43 @@ static void load_entries(private_attr_provider_t *this) enumerator->destroy(enumerator); } +METHOD(attr_provider_t, reload, void, + private_attr_provider_t *this) +{ + this->lock->write_lock(this->lock); + + this->attributes->destroy_function(this->attributes, (void*)attribute_destroy); + this->attributes = linked_list_create(); + + load_entries(this); + + DBG1(DBG_CFG, "loaded %d entr%s for attr plugin configuration", + this->attributes->get_count(this->attributes), + this->attributes->get_count(this->attributes) == 1 ? "y" : "ies"); + + this->lock->unlock(this->lock); +} + /* * see header file */ attr_provider_t *attr_provider_create(database_t *db) { private_attr_provider_t *this; - int i; - - this = malloc_thing(private_attr_provider_t); - - this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *, host_t *))return_null; - this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))return_false; - this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, char *names, identification_t *id, host_t *vip))create_attribute_enumerator; - this->public.destroy = (void(*)(attr_provider_t*))destroy; - - this->attributes = linked_list_create(); - for (i = 1; i <= SERVER_MAX; i++) - { - add_legacy_entry(this, "dns", i, INTERNAL_IP4_DNS); - add_legacy_entry(this, "nbns", i, INTERNAL_IP4_NBNS); - } + INIT(this, + .public = { + .provider = { + .acquire_address = (void*)return_null, + .release_address = (void*)return_false, + .create_attribute_enumerator = _create_attribute_enumerator, + }, + .reload = _reload, + .destroy = _destroy, + }, + .attributes = linked_list_create(), + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + ); load_entries(this); diff --git a/src/libhydra/plugins/attr/attr_provider.h b/src/libhydra/plugins/attr/attr_provider.h index a41466718..17db30408 100644 
--- a/src/libhydra/plugins/attr/attr_provider.h +++ b/src/libhydra/plugins/attr/attr_provider.h @@ -36,6 +36,11 @@ struct attr_provider_t { attribute_provider_t provider; /** + * Reload configuration from strongswan.conf. + */ + void (*reload)(attr_provider_t *this); + + /** * Destroy a attr_provider instance. */ void (*destroy)(attr_provider_t *this); diff --git a/src/libhydra/plugins/attr_sql/Makefile.in b/src/libhydra/plugins/attr_sql/Makefile.in index 729738d60..80d497f59 100644 --- a/src/libhydra/plugins/attr_sql/Makefile.in +++ b/src/libhydra/plugins/attr_sql/Makefile.in @@ -232,13 +232,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,6 +253,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -277,14 +273,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c index e47f9f03a..c04ec9a01 100644 --- a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c +++ b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c 
@@ -40,18 +40,16 @@ struct private_attr_sql_plugin_t { * configuration attributes */ sql_attribute_t *attribute; - }; -<<<<<<< HEAD -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_attr_sql_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_attr_sql_plugin_t *this) +{ + return "attr-sql"; +} + METHOD(plugin_t, destroy, void, private_attr_sql_plugin_t *this) ->>>>>>> upstream/4.5.1 { hydra->attributes->remove_provider(hydra->attributes, &this->attribute->provider); this->attribute->destroy(this->attribute); @@ -64,41 +62,28 @@ METHOD(plugin_t, destroy, void, */ plugin_t *attr_sql_plugin_create() { -<<<<<<< HEAD - char *uri; - private_attr_sql_plugin_t *this; - - uri = lib->settings->get_str(lib->settings, "libhydra.plugins.attr-sql.database", NULL); -======= private_attr_sql_plugin_t *this; char *uri; uri = lib->settings->get_str(lib->settings, "libhydra.plugins.attr-sql.database", NULL); ->>>>>>> upstream/4.5.1 if (!uri) { DBG1(DBG_CFG, "attr-sql plugin: database URI not set"); return NULL; } -<<<<<<< HEAD - this = malloc_thing(private_attr_sql_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - this->db = lib->db->create(lib->db, uri); -======= INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, .db = lib->db->create(lib->db, uri), ); ->>>>>>> upstream/4.5.1 if (!this->db) { DBG1(DBG_CFG, "attr-sql plugin failed to connect to database"); diff --git a/src/libhydra/plugins/attr_sql/pool.c b/src/libhydra/plugins/attr_sql/pool.c index b4bdfc629..e81a23ed9 100644 --- a/src/libhydra/plugins/attr_sql/pool.c +++ b/src/libhydra/plugins/attr_sql/pool.c @@ -379,7 +379,7 @@ static void add(char *name, host_t *start, host_t *end, int timeout) chunk_increment(cur_addr); } commit_transaction(); - printf("done.\n", count); + printf("done.\n"); } static bool add_address(u_int pool_id, char *address_str, int *family) 
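Review bot: In `attr_sql_plugin_create` (`@@ -64,41 +62,28 @@`) `.reload = (void*)return_false` assigns the helper through a `void*` cast, which silences any signature check between `return_false` and the `plugin_t.reload` slot. The same pattern appears in the kernel_klips_plugin.c hunk and as `(void*)return_null` / `(void*)return_false` in `attr_provider_create`. The lines this commit removes from attr_provider.c cast to the exact function-pointer type instead, which at least documented the expected signature. A small file-local `reload` METHOD that returns `FALSE` would keep the compiler checking these slots.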
@@ -407,9 +407,11 @@ static bool add_address(u_int pool_id, char *address_str, int *family) fprintf(stderr, "invalid address '%s'.\n", address_str); return FALSE; } - if (family && *family && *family != address->get_family(address)) + if (family && *family != AF_UNSPEC && + *family != address->get_family(address)) { fprintf(stderr, "invalid address family '%s'.\n", address_str); + address->destroy(address); return FALSE; } @@ -421,9 +423,13 @@ static bool add_address(u_int pool_id, char *address_str, int *family) DB_UINT, user_id, DB_UINT, 0, DB_UINT, 1) != 1) { fprintf(stderr, "inserting address '%s' failed.\n", address_str); + address->destroy(address); return FALSE; } - *family = address->get_family(address); + if (family) + { + *family = address->get_family(address); + } address->destroy(address); return TRUE; @@ -469,6 +475,10 @@ static void add_addresses(char *pool, char *path, int timeout) } if (add_address(pool_id, address_str, &family) == FALSE) { + if (file != stdin) + { + fclose(file); + } exit(EXIT_FAILURE); } ++count; @@ -586,7 +596,7 @@ static void resize(char *name, host_t *end) DB_UINT, id, DB_BLOB, cur_addr, DB_UINT, 0, DB_UINT, 0, DB_UINT, 1); } commit_transaction(); - printf("done.\n", count); + printf("done.\n"); } @@ -1004,6 +1014,7 @@ static void do_args(int argc, char *argv[]) break; case '1': operation = OP_STATUS_ATTR; + break; case 'u': utc = TRUE; continue; diff --git a/src/libhydra/plugins/attr_sql/pool_attributes.c b/src/libhydra/plugins/attr_sql/pool_attributes.c index 5f7afdfcd..5c7397476 100644 --- a/src/libhydra/plugins/attr_sql/pool_attributes.c +++ b/src/libhydra/plugins/attr_sql/pool_attributes.c @@ -241,7 +241,7 @@ static bool parse_attributes(char *name, char *value, value_type_t *value_type, /* clean up */ DESTROY_IF(addr); - /* is the attribute type numeric? */ + /* is the attribute type numeric? */ *type = strtol(name, &endptr, 10); if (*endptr != '\0') 
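Review bot: In the `add_addresses` hunk (`@@ -469,6 +475,10 @@`) the tool still calls `exit(EXIT_FAILURE)` on the first address that `add_address()` rejects, after earlier loop iterations have already inserted rows (`++count` follows each success). Whether those inserts sit inside a transaction is not visible in this hunk; if they do not, one malformed line in the input leaves the pool partly populated. Consider rolling back before exiting, or at least printing how many addresses were already added before the `exit`. The function body starts and ends outside the hunk.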
@@ -262,7 +262,7 @@ static bool parse_attributes(char *name, char *value, value_type_t *value_type, } return TRUE; } - + /** * Lookup/insert an attribute pool by name */ @@ -541,11 +541,11 @@ void del_attr(char *name, char *pool, char *identity, } } else - { + { if (value_type == VALUE_ADDR) { host_t *server = host_create_from_chunk(AF_UNSPEC, blob, 0); - + fprintf(stderr, "the %s server %H%s was not found.\n", name, server, id_pool_str); server->destroy(server); @@ -630,7 +630,7 @@ void status_attr(bool hexout) if (type == attr_info[i].type) { value_type = attr_info[i].value_type; - break; + break; } } } @@ -671,8 +671,8 @@ void status_attr(bool hexout) } break; case VALUE_STRING: - printf("\"%.*s\"\n", value.len, value.ptr); - break; + printf("\"%.*s\"\n", (int)value.len, value.ptr); + break; case VALUE_HEX: default: printf(" %#B\n", &value); @@ -692,13 +692,13 @@ void show_attr(void) for (i = 0; i < countof(attr_info); i++) { char value_name[10]; - - + + snprintf(value_name, sizeof(value_name), "%N", value_type_names, attr_info[i].value_type); - - printf("%-20s --%-6s (%N", - attr_info[i].keyword, value_name, + + printf("%-20s --%-6s (%N", + attr_info[i].keyword, value_name, configuration_attribute_type_names, attr_info[i].type); if (attr_info[i].type_ip6) diff --git a/src/libhydra/plugins/kernel_klips/Makefile.in b/src/libhydra/plugins/kernel_klips/Makefile.in index e4de26b60..5f6512b44 100644 --- a/src/libhydra/plugins/kernel_klips/Makefile.in +++ b/src/libhydra/plugins/kernel_klips/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c index f98dfcec5..ff4f0ed55 100644 --- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c +++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c @@ -1668,14 +1668,10 @@ static status_t group_ipip_sa(private_kernel_klips_ipsec_t *this, METHOD(kernel_ipsec_t, add_sa, status_t, private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, -<<<<<<< HEAD - u_int8_t protocol, u_int32_t reqid, mark_t mark, -======= u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc, ->>>>>>> upstream/4.5.1 lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound, + u_int16_t ipcomp, u_int16_t cpi, bool encap, bool esn, bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { unsigned char request[PFKEY_BUFFER_SIZE]; diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c b/src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c index cbfc59a10..7fe47f630 100644 --- a/src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c 
+++ b/src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c @@ -32,15 +32,14 @@ struct private_kernel_klips_plugin_t { kernel_klips_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_kernel_klips_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_kernel_klips_plugin_t *this) +{ + return "kernel-klips"; +} + METHOD(plugin_t, destroy, void, private_kernel_klips_plugin_t *this) ->>>>>>> upstream/4.5.1 { hydra->kernel_interface->remove_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_klips_ipsec_create); @@ -52,22 +51,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *kernel_klips_plugin_create() { -<<<<<<< HEAD - private_kernel_klips_plugin_t *this = malloc_thing(private_kernel_klips_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - -======= private_kernel_klips_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_klips_ipsec_create); diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.in b/src/libhydra/plugins/kernel_netlink/Makefile.in index d293347cf..78dfb1b54 100644 --- a/src/libhydra/plugins/kernel_netlink/Makefile.in +++ b/src/libhydra/plugins/kernel_netlink/Makefile.in @@ -224,13 +224,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -251,6 +245,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -269,14 +265,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c index bd3f4a122..8b2a1aa77 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -58,13 +58,11 @@ #endif /*IPV6_XFRM_POLICY*/ /** default priority of installed policies */ -<<<<<<< HEAD -#define PRIO_LOW 3000 -#define PRIO_HIGH 2000 -======= #define PRIO_LOW 1024 #define PRIO_HIGH 512 ->>>>>>> upstream/4.5.1 + +/** default replay window size, if not set using charon.replay_window */ +#define DEFAULT_REPLAY_WINDOW 32 /** * map the limit for bytes and packets to XFRM_INF per default @@ -353,6 +351,16 @@ struct private_kernel_netlink_ipsec_t { * whether to install routes along policies */ bool install_routes; + + /** + * Size of the replay window, in packets + */ + u_int32_t replay_window; + + /** + * Size of the replay window bitmap, in bytes + */ + u_int32_t replay_bmp; }; /** 
@@ -871,13 +879,9 @@ METHOD(kernel_ipsec_t, get_cpi, status_t, METHOD(kernel_ipsec_t, add_sa, status_t, private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, -<<<<<<< HEAD - lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, -======= u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, ->>>>>>> upstream/4.5.1 u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, - u_int16_t cpi, bool encap, bool inbound, + u_int16_t cpi, bool encap, bool esn, bool inbound, traffic_selector_t* src_ts, traffic_selector_t* dst_ts) { netlink_buf_t request; @@ -885,19 +889,16 @@ METHOD(kernel_ipsec_t, add_sa, status_t, struct nlmsghdr *hdr; struct xfrm_usersa_info *sa; u_int16_t icv_size = 64; + status_t status = FAILED; /* if IPComp is used, we install an additional IPComp SA. if the cpi is 0 * we are in the recursive call below */ if (ipcomp != IPCOMP_NONE && cpi != 0) { lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}}; -<<<<<<< HEAD - add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark, -======= add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark, tfc, ->>>>>>> upstream/4.5.1 &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, chunk_empty, - mode, ipcomp, 0, FALSE, inbound, NULL, NULL); + mode, ipcomp, 0, FALSE, FALSE, inbound, NULL, NULL); ipcomp = IPCOMP_NONE; /* use transport mode ESP SA, IPComp uses tunnel mode */ mode = MODE_TRANSPORT; @@ -933,10 +934,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, sa->flags |= XFRM_STATE_AF_UNSPEC; break; case MODE_BEET: -<<<<<<< HEAD -======= case MODE_TRANSPORT: ->>>>>>> upstream/4.5.1 if(src_ts && dst_ts) { sa->sel = ts2selector(src_ts, dst_ts); 
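Review bot: In the `add_sa` hunk at `@@ -885,19 +889,16 @@` the recursive call that installs the IPComp SA still discards its return value, even though this change introduces `status` and a common `failed:` exit for the other error paths. If the IPComp SA cannot be installed, the function carries on and installs the ESP SA in transport mode as if compression were in place. Either bail out when the call does not return `SUCCESS`, or add a comment such as `/* failure to install the IPComp SA is deliberately ignored */` if that is intended. The function body continues outside the hunk.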
@@ -946,7 +944,6 @@ METHOD(kernel_ipsec_t, add_sa, status_t, break; } - sa->replay_window = (protocol == IPPROTO_COMP) ? 0 : 32; sa->reqid = reqid; sa->lft.soft_byte_limit = XFRM_LIMIT(lifetime->bytes.rekey); sa->lft.hard_byte_limit = XFRM_LIMIT(lifetime->bytes.life); @@ -987,17 +984,17 @@ METHOD(kernel_ipsec_t, add_sa, status_t, { DBG1(DBG_KNL, "algorithm %N not supported by kernel!", encryption_algorithm_names, enc_alg); - return FAILED; + goto failed; } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", encryption_algorithm_names, enc_alg, enc_key.len * 8); rthdr->rta_type = XFRMA_ALG_AEAD; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_aead) + enc_key.len); - hdr->nlmsg_len += rthdr->rta_len; + hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); if (hdr->nlmsg_len > sizeof(request)) { - return FAILED; + goto failed; } algo = (struct xfrm_algo_aead*)RTA_DATA(rthdr); @@ -1018,17 +1015,17 @@ METHOD(kernel_ipsec_t, add_sa, status_t, { DBG1(DBG_KNL, "algorithm %N not supported by kernel!", encryption_algorithm_names, enc_alg); - return FAILED; + goto failed; } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", encryption_algorithm_names, enc_alg, enc_key.len * 8); rthdr->rta_type = XFRMA_ALG_CRYPT; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + enc_key.len); - hdr->nlmsg_len += rthdr->rta_len; + hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); if (hdr->nlmsg_len > sizeof(request)) { - return FAILED; + goto failed; } algo = (struct xfrm_algo*)RTA_DATA(rthdr); @@ -1047,7 +1044,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, { DBG1(DBG_KNL, "algorithm %N not supported by kernel!", integrity_algorithm_names, int_alg); - return FAILED; + goto failed; } DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", integrity_algorithm_names, int_alg, int_key.len * 8); 
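Review bot: In the attribute-building hunks of `add_sa`, starting at `@@ -987,17 +984,17 @@`, the bounds check still runs after the attribute header has been written: `rthdr->rta_type` and `rthdr->rta_len` are assigned first, and only then is `hdr->nlmsg_len` advanced and compared with `sizeof(request)`. If less than one `struct rtattr` remains in the buffer, those two stores already land past its end before `goto failed` is reached. The same ordering is kept in the `XFRMA_ALG_CRYPT`, `XFRMA_ALG_AUTH*`, `XFRMA_ENCAP`, `XFRMA_MARK`, `XFRMA_TFCPAD` and `XFRMA_REPLAY_ESN_VAL` hunks, and in `update_sa`. Test first, e.g. `if (hdr->nlmsg_len + RTA_ALIGN(RTA_LENGTH(len)) > sizeof(request)) goto failed;` with `len` standing for the payload size, ideally in one shared helper that reserves an attribute and returns its data pointer.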
@@ -1061,10 +1058,10 @@ METHOD(kernel_ipsec_t, add_sa, status_t, rthdr->rta_type = XFRMA_ALG_AUTH_TRUNC; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_auth) + int_key.len); - hdr->nlmsg_len += rthdr->rta_len; + hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); if (hdr->nlmsg_len > sizeof(request)) { - return FAILED; + goto failed; } algo = (struct xfrm_algo_auth*)RTA_DATA(rthdr); @@ -1080,10 +1077,10 @@ METHOD(kernel_ipsec_t, add_sa, status_t, rthdr->rta_type = XFRMA_ALG_AUTH; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + int_key.len); - hdr->nlmsg_len += rthdr->rta_len; + hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); if (hdr->nlmsg_len > sizeof(request)) { - return FAILED; + goto failed; } algo = (struct xfrm_algo*)RTA_DATA(rthdr); @@ -1102,16 +1099,16 @@ METHOD(kernel_ipsec_t, add_sa, status_t, { DBG1(DBG_KNL, "algorithm %N not supported by kernel!", ipcomp_transform_names, ipcomp); - return FAILED; + goto failed; } DBG2(DBG_KNL, " using compression algorithm %N", ipcomp_transform_names, ipcomp); rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo)); - hdr->nlmsg_len += rthdr->rta_len; + hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); if (hdr->nlmsg_len > sizeof(request)) { - return FAILED; + goto failed; } struct xfrm_algo* algo = (struct xfrm_algo*)RTA_DATA(rthdr); @@ -1128,10 +1125,10 @@ METHOD(kernel_ipsec_t, add_sa, status_t, rthdr->rta_type = XFRMA_ENCAP; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_encap_tmpl)); - hdr->nlmsg_len += rthdr->rta_len; + hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); if (hdr->nlmsg_len > sizeof(request)) { - return FAILED; + goto failed; } tmpl = (struct xfrm_encap_tmpl*)RTA_DATA(rthdr); 
@@ -1158,10 +1155,10 @@ METHOD(kernel_ipsec_t, add_sa, status_t, rthdr->rta_type = XFRMA_MARK; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_mark)); - hdr->nlmsg_len += rthdr->rta_len; + hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); if (hdr->nlmsg_len > sizeof(request)) { - return FAILED; + goto failed; } mrk = (struct xfrm_mark*)RTA_DATA(rthdr); @@ -1170,8 +1167,6 @@ METHOD(kernel_ipsec_t, add_sa, status_t, rthdr = XFRM_RTA_NEXT(rthdr); } -<<<<<<< HEAD -======= if (tfc) { u_int32_t *tfcpad; @@ -1179,10 +1174,10 @@ METHOD(kernel_ipsec_t, add_sa, status_t, rthdr->rta_type = XFRMA_TFCPAD; rthdr->rta_len = RTA_LENGTH(sizeof(u_int32_t)); - hdr->nlmsg_len += rthdr->rta_len; + hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); if (hdr->nlmsg_len > sizeof(request)) { - return FAILED; + goto failed; } tfcpad = (u_int32_t*)RTA_DATA(rthdr); @@ -1190,7 +1185,41 @@ METHOD(kernel_ipsec_t, add_sa, status_t, rthdr = XFRM_RTA_NEXT(rthdr); } ->>>>>>> upstream/4.5.1 + if (protocol != IPPROTO_COMP) + { + if (esn || this->replay_window > DEFAULT_REPLAY_WINDOW) + { + /* for ESN or larger replay windows we need the new + * XFRMA_REPLAY_ESN_VAL attribute to configure a bitmap */ + struct xfrm_replay_state_esn *replay; + + rthdr->rta_type = XFRMA_REPLAY_ESN_VAL; + rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_replay_state_esn) + + (this->replay_window + 7) / 8); + + hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); + if (hdr->nlmsg_len > sizeof(request)) + { + goto failed; + } + + replay = (struct xfrm_replay_state_esn*)RTA_DATA(rthdr); + /* bmp_len contains number uf __u32's */ + replay->bmp_len = this->replay_bmp; + replay->replay_window = this->replay_window; + + rthdr = XFRM_RTA_NEXT(rthdr); + if (esn) + { + sa->flags |= XFRM_STATE_ESN; + } + } + else + { + sa->replay_window = DEFAULT_REPLAY_WINDOW; + } + } + if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { if (mark.value) 
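Review bot: The bitmap size for `XFRMA_REPLAY_ESN_VAL` is computed three different ways in this commit. The hunk at `@@ -1190,7 +1185,41 @@` sizes the attribute with `(this->replay_window + 7) / 8` bytes but sets `bmp_len = this->replay_bmp`, which the constructor hunk computes as a count of 32-bit words; `get_replay_state` and `update_sa` then add `this->replay_bmp` to a `sizeof` as if it were a byte count, and the struct member's comment says "in bytes". For a window that is not a multiple of 32 the attribute is shorter than `bmp_len` words, and `update_sa` copies back only a quarter of the bitmap, so replay state may be lost or the message rejected (the kernel's length check is not visible here). Using one expression everywhere, `sizeof(struct xfrm_replay_state_esn) + this->replay_bmp * sizeof(u_int32_t)`, and correcting the member comment to "in 32-bit words" would remove the ambiguity.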
@@ -1202,17 +1231,25 @@ METHOD(kernel_ipsec_t, add_sa, status_t, { DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi)); } - return FAILED; + goto failed; } - return SUCCESS; + + status = SUCCESS; + +failed: + memwipe(request, sizeof(request)); + return status; } /** - * Get the replay state (i.e. sequence numbers) of an SA. + * Get the ESN replay state (i.e. sequence numbers) of an SA. + * + * Allocates into one the replay state structure we get from the kernel. */ -static status_t get_replay_state(private_kernel_netlink_ipsec_t *this, - u_int32_t spi, u_int8_t protocol, host_t *dst, - struct xfrm_replay_state *replay) +static void get_replay_state(private_kernel_netlink_ipsec_t *this, + u_int32_t spi, u_int8_t protocol, host_t *dst, + struct xfrm_replay_state_esn **replay_esn, + struct xfrm_replay_state **replay) { netlink_buf_t request; struct nlmsghdr *hdr, *out = NULL; @@ -1223,7 +1260,8 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this, memset(&request, 0, sizeof(request)); - DBG2(DBG_KNL, "querying replay state from SAD entry with SPI %.8x", ntohl(spi)); + DBG2(DBG_KNL, "querying replay state from SAD entry with SPI %.8x", + ntohl(spi)); hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST; 
@@ -1267,32 +1305,30 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this, } } - if (out_aevent == NULL) - { - DBG1(DBG_KNL, "unable to query replay state from SAD entry with SPI %.8x", - ntohl(spi)); - free(out); - return FAILED; - } - - rta = XFRM_RTA(out, struct xfrm_aevent_id); - rtasize = XFRM_PAYLOAD(out, struct xfrm_aevent_id); - while(RTA_OK(rta, rtasize)) + if (out_aevent) { - if (rta->rta_type == XFRMA_REPLAY_VAL && - RTA_PAYLOAD(rta) == sizeof(struct xfrm_replay_state)) + rta = XFRM_RTA(out, struct xfrm_aevent_id); + rtasize = XFRM_PAYLOAD(out, struct xfrm_aevent_id); + while (RTA_OK(rta, rtasize)) { - memcpy(replay, RTA_DATA(rta), RTA_PAYLOAD(rta)); - free(out); - return SUCCESS; + if (rta->rta_type == XFRMA_REPLAY_VAL && + RTA_PAYLOAD(rta) == sizeof(**replay)) + { + *replay = malloc(RTA_PAYLOAD(rta)); + memcpy(*replay, RTA_DATA(rta), RTA_PAYLOAD(rta)); + break; + } + if (rta->rta_type == XFRMA_REPLAY_ESN_VAL && + RTA_PAYLOAD(rta) >= sizeof(**replay_esn) + this->replay_bmp) + { + *replay_esn = malloc(RTA_PAYLOAD(rta)); + memcpy(*replay_esn, RTA_DATA(rta), RTA_PAYLOAD(rta)); + break; + } + rta = RTA_NEXT(rta, rtasize); } - rta = RTA_NEXT(rta, rtasize); } - - DBG1(DBG_KNL, "unable to query replay state from SAD entry with SPI %.8x", - ntohl(spi)); free(out); - return FAILED; } METHOD(kernel_ipsec_t, query_sa, status_t, @@ -1303,6 +1339,7 @@ METHOD(kernel_ipsec_t, query_sa, status_t, struct nlmsghdr *out = NULL, *hdr; struct xfrm_usersa_id *sa_id; struct xfrm_usersa_info *sa = NULL; + status_t status = FAILED; size_t len; memset(&request, 0, sizeof(request)); @@ -1334,7 +1371,7 @@ METHOD(kernel_ipsec_t, query_sa, status_t, rthdr->rta_type = XFRMA_MARK; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_mark)); - hdr->nlmsg_len += rthdr->rta_len; + hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); if (hdr->nlmsg_len > sizeof(request)) { return FAILED; 
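Review bot: In `get_replay_state` (`@@ -1267,32 +1305,30 @@`) both new branches pass the result of `malloc(RTA_PAYLOAD(rta))` straight to `memcpy` without checking it, so an allocation failure becomes a NULL write while handling a kernel reply. Guard each copy, e.g. `*replay = malloc(RTA_PAYLOAD(rta)); if (*replay) { memcpy(*replay, RTA_DATA(rta), RTA_PAYLOAD(rta)); }`, which falls through to the existing "unable to copy replay state" path in `update_sa`. The function now returns `void` and writes the out-parameters only on success, so its comment should state that callers must initialise both pointers to NULL and free whichever one is set.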
@@ -1389,13 +1426,15 @@ METHOD(kernel_ipsec_t, query_sa, status_t, if (sa == NULL) { DBG2(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi)); - free(out); - return FAILED; } - *bytes = sa->curlft.bytes; - + else + { + *bytes = sa->curlft.bytes; + status = SUCCESS; + } + memwipe(out, len); free(out); - return SUCCESS; + return status; } METHOD(kernel_ipsec_t, del_sa, status_t, @@ -1441,7 +1480,7 @@ METHOD(kernel_ipsec_t, del_sa, status_t, rthdr->rta_type = XFRMA_MARK; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_mark)); - hdr->nlmsg_len += rthdr->rta_len; + hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); if (hdr->nlmsg_len > sizeof(request)) { return FAILED; @@ -1491,8 +1530,9 @@ METHOD(kernel_ipsec_t, update_sa, status_t, struct rtattr *rta; size_t rtasize; struct xfrm_encap_tmpl* tmpl = NULL; - bool got_replay_state = FALSE; - struct xfrm_replay_state replay; + struct xfrm_replay_state *replay = NULL; + struct xfrm_replay_state_esn *replay_esn = NULL; + status_t status = FAILED; /* if IPComp is used, we first update the IPComp SA */ if (cpi) @@ -1548,22 +1588,16 @@ METHOD(kernel_ipsec_t, update_sa, status_t, if (out_sa == NULL) { DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi)); - free(out); - return FAILED; + goto failed; } - /* try to get the replay state */ - if (get_replay_state(this, spi, protocol, dst, &replay) == SUCCESS) - { - got_replay_state = TRUE; - } + get_replay_state(this, spi, protocol, dst, &replay_esn, &replay); /* delete the old SA (without affecting the IPComp SA) */ if (del_sa(this, src, dst, spi, protocol, 0, mark) != SUCCESS) { DBG1(DBG_KNL, "unable to delete old SAD entry with SPI %.8x", ntohl(spi)); - free(out); - return FAILED; + goto failed; } DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H", 
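Review bot: In the `query_sa` hunk at `@@ -1389,13 +1426,15 @@` `memwipe(out, len)` now runs on the `sa == NULL` path too, where the removed code only called `free(out)`. The earlier context lines initialise `out` to NULL and declare `len` without an initialiser, so if the request itself failed (that call is outside the hunk) the wipe would receive a NULL pointer and an indeterminate length. The new `failed:` label in `update_sa` appears to have the same shape. Unless `memwipe` is known to ignore NULL, guard it: `if (out) { memwipe(out, len); }`.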
@@ -1613,10 +1647,10 @@ METHOD(kernel_ipsec_t, update_sa, status_t, rta->rta_type = XFRMA_ENCAP; rta->rta_len = RTA_LENGTH(sizeof(struct xfrm_encap_tmpl)); - hdr->nlmsg_len += rta->rta_len; + hdr->nlmsg_len += RTA_ALIGN(rta->rta_len); if (hdr->nlmsg_len > sizeof(request)) { - return FAILED; + goto failed; } tmpl = (struct xfrm_encap_tmpl*)RTA_DATA(rta); @@ -1628,30 +1662,56 @@ METHOD(kernel_ipsec_t, update_sa, status_t, rta = XFRM_RTA_NEXT(rta); } - if (got_replay_state) - { /* copy the replay data if available */ + if (replay_esn) + { + rta->rta_type = XFRMA_REPLAY_ESN_VAL; + rta->rta_len = RTA_LENGTH(sizeof(struct xfrm_replay_state_esn) + + this->replay_bmp); + + hdr->nlmsg_len += RTA_ALIGN(rta->rta_len); + if (hdr->nlmsg_len > sizeof(request)) + { + goto failed; + } + memcpy(RTA_DATA(rta), replay_esn, + sizeof(struct xfrm_replay_state_esn) + this->replay_bmp); + + rta = XFRM_RTA_NEXT(rta); + } + else if (replay) + { rta->rta_type = XFRMA_REPLAY_VAL; rta->rta_len = RTA_LENGTH(sizeof(struct xfrm_replay_state)); - hdr->nlmsg_len += rta->rta_len; + hdr->nlmsg_len += RTA_ALIGN(rta->rta_len); if (hdr->nlmsg_len > sizeof(request)) { - return FAILED; + goto failed; } - memcpy(RTA_DATA(rta), &replay, sizeof(replay)); + memcpy(RTA_DATA(rta), replay, sizeof(replay)); rta = XFRM_RTA_NEXT(rta); } + else + { + DBG1(DBG_KNL, "unable to copy replay state from old SAD entry " + "with SPI %.8x", ntohl(spi)); + } if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi)); - free(out); - return FAILED; + goto failed; } + + status = SUCCESS; +failed: + free(replay); + free(replay_esn); + memwipe(out, len); free(out); - return SUCCESS; + return status; } METHOD(kernel_ipsec_t, add_policy, status_t, 
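Review bot: In the `update_sa` hunk at `@@ -1628,30 +1662,56 @@` the non-ESN branch copies with `memcpy(RTA_DATA(rta), replay, sizeof(replay));`, but `replay` became a `struct xfrm_replay_state *` in this commit, so `sizeof(replay)` is the size of a pointer rather than of the structure. The attribute is declared with `RTA_LENGTH(sizeof(struct xfrm_replay_state))`, so whenever the two sizes differ part of the payload is never filled from the saved state and the re-created SA can start with incomplete anti-replay data. Use `memcpy(RTA_DATA(rta), replay, sizeof(*replay));`. The `goto failed` paths in this hunk also run after `del_sa()` has already removed the old SA, so a failure here leaves no SA installed; that is worth a comment at the label.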
@@ -1725,13 +1785,6 @@ METHOD(kernel_ipsec_t, add_policy, status_t, policy_info = (struct xfrm_userpolicy_info*)NLMSG_DATA(hdr); policy_info->sel = policy->sel; policy_info->dir = policy->direction; -<<<<<<< HEAD - /* calculate priority based on source selector size, small size = high prio */ - policy_info->priority = routed ? PRIO_LOW : PRIO_HIGH; - policy_info->priority -= policy->sel.prefixlen_s * 10; - policy_info->priority -= policy->sel.proto ? 2 : 0; - policy_info->priority -= policy->sel.sport_mask ? 1 : 0; -======= /* calculate priority based on selector size, small size = high prio */ policy_info->priority = routed ? PRIO_LOW : PRIO_HIGH; @@ -1742,7 +1795,6 @@ METHOD(kernel_ipsec_t, add_policy, status_t, policy->sel.dport_mask ? 0 : 2; policy_info->priority += policy->sel.proto ? 0 : 1; ->>>>>>> upstream/4.5.1 policy_info->action = type != POLICY_DROP ? XFRM_POLICY_ALLOW : XFRM_POLICY_BLOCK; policy_info->share = XFRM_SHARE_ANY; @@ -1784,7 +1836,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t, } rthdr->rta_len += RTA_LENGTH(sizeof(struct xfrm_user_tmpl)); - hdr->nlmsg_len += RTA_LENGTH(sizeof(struct xfrm_user_tmpl)); + hdr->nlmsg_len += RTA_ALIGN(RTA_LENGTH(sizeof(struct xfrm_user_tmpl))); if (hdr->nlmsg_len > sizeof(request)) { return FAILED; @@ -1820,7 +1872,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t, rthdr->rta_type = XFRMA_MARK; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_mark)); - hdr->nlmsg_len += rthdr->rta_len; + hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); if (hdr->nlmsg_len > sizeof(request)) { return FAILED; @@ -1864,11 +1916,8 @@ METHOD(kernel_ipsec_t, add_policy, status_t, if (route->if_name) { -<<<<<<< HEAD -======= DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s", src_ts, route->gateway, route->src_ip, route->if_name); ->>>>>>> upstream/4.5.1 switch (hydra->kernel_interface->add_route( hydra->kernel_interface, route->dst_net, route->prefixlen, route->gateway, 
@@ -1942,7 +1991,7 @@ METHOD(kernel_ipsec_t, query_policy, status_t, rthdr->rta_type = XFRMA_MARK; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_mark)); - hdr->nlmsg_len += rthdr->rta_len; + hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); if (hdr->nlmsg_len > sizeof(request)) { return FAILED; @@ -2084,7 +2133,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t, rthdr->rta_type = XFRMA_MARK; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_mark)); - hdr->nlmsg_len += rthdr->rta_len; + hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len); if (hdr->nlmsg_len > sizeof(request)) { return FAILED; @@ -2225,10 +2274,14 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() (hashtable_equals_t)policy_equals, 32), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .install_routes = lib->settings->get_bool(lib->settings, - "%s.install_routes", TRUE, - hydra->daemon), + "%s.install_routes", TRUE, hydra->daemon), + .replay_window = lib->settings->get_int(lib->settings, + "%s.replay_window", DEFAULT_REPLAY_WINDOW, hydra->daemon), ); + this->replay_bmp = (this->replay_window + sizeof(u_int32_t) * 8 - 1) / + (sizeof(u_int32_t) * 8); + if (streq(hydra->daemon, "pluto")) { /* no routes for pluto, they are installed via updown script */ this->install_routes = FALSE; diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c index 314c1acc1..8315ed310 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c @@ -350,7 +350,7 @@ static void process_link(private_kernel_netlink_net_t *this, entry->addrs = linked_list_create(); this->ifaces->insert_last(this->ifaces, entry); } - memcpy(entry->ifname, name, IFNAMSIZ); + strncpy(entry->ifname, name, IFNAMSIZ); entry->ifname[IFNAMSIZ-1] = '\0'; if (event) { 
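Review bot: `this->replay_bmp` is computed in kernel_netlink_ipsec_create as a count of 32-bit words (the window rounded up in units of `sizeof(u_int32_t) * 8` bits), but the `if (replay_esn)` branch of update_sa adds it to `sizeof(struct xfrm_replay_state_esn)` as if it were a byte count, for both `rta_len` and the `memcpy` length. If the ESN bitmap is an array of `u_int32_t`, as the word-based rounding suggests, only a quarter of the bitmap is carried over and the copied anti-replay window is truncated; the length would then be `sizeof(struct xfrm_replay_state_esn) + this->replay_bmp * sizeof(u_int32_t)`. The `%s.replay_window` value also comes from `get_int` with no range check in this hunk, so a negative or very large setting flows straight into that size; a bound applied before the division would keep it within what `request` can hold.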
@@ -534,6 +534,7 @@ static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *h switch (rta->rta_type) { case RTA_PREFSRC: + DESTROY_IF(host); host = host_create_from_chunk(msg->rtm_family, chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)), 0); break; @@ -652,7 +653,8 @@ static void address_enumerator_destroy(address_enumerator_t *data) /** * filter for addresses */ -static bool filter_addresses(address_enumerator_t *data, addr_entry_t** in, host_t** out) +static bool filter_addresses(address_enumerator_t *data, + addr_entry_t** in, host_t** out) { if (!data->include_virtual_ips && (*in)->virtual) { /* skip virtual interfaces added by us */ @@ -669,16 +671,19 @@ static bool filter_addresses(address_enumerator_t *data, addr_entry_t** in, host /** * enumerator constructor for interfaces */ -static enumerator_t *create_iface_enumerator(iface_entry_t *iface, address_enumerator_t *data) +static enumerator_t *create_iface_enumerator(iface_entry_t *iface, + address_enumerator_t *data) { - return enumerator_create_filter(iface->addrs->create_enumerator(iface->addrs), + return enumerator_create_filter( + iface->addrs->create_enumerator(iface->addrs), (void*)filter_addresses, data, NULL); } /** * filter for interfaces */ -static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, iface_entry_t** out) +static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, + iface_entry_t** out) { if (!data->include_down_ifaces && !((*in)->flags & IFF_UP)) { /* skip interfaces not up */ 
@@ -688,11 +693,9 @@ static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, if return TRUE; } -/** - * implementation of kernel_net_t.create_address_enumerator - */ -static enumerator_t *create_address_enumerator(private_kernel_netlink_net_t *this, - bool include_down_ifaces, bool include_virtual_ips) +METHOD(kernel_net_t, create_address_enumerator, enumerator_t*, + private_kernel_netlink_net_t *this, + bool include_down_ifaces, bool include_virtual_ips) { address_enumerator_t *data = malloc_thing(address_enumerator_t); data->this = this; @@ -701,15 +704,15 @@ static enumerator_t *create_address_enumerator(private_kernel_netlink_net_t *thi this->mutex->lock(this->mutex); return enumerator_create_nested( - enumerator_create_filter(this->ifaces->create_enumerator(this->ifaces), - (void*)filter_interfaces, data, NULL), - (void*)create_iface_enumerator, data, (void*)address_enumerator_destroy); + enumerator_create_filter( + this->ifaces->create_enumerator(this->ifaces), + (void*)filter_interfaces, data, NULL), + (void*)create_iface_enumerator, data, + (void*)address_enumerator_destroy); } -/** - * implementation of kernel_net_t.get_interface_name - */ -static char *get_interface_name(private_kernel_netlink_net_t *this, host_t* ip) +METHOD(kernel_net_t, get_interface_name, char*, + private_kernel_netlink_net_t *this, host_t* ip) { enumerator_t *ifaces, *addrs; iface_entry_t *iface; 
@@ -1036,19 +1039,14 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, return src; } -/** - * Implementation of kernel_net_t.get_source_addr. - */ -static host_t* get_source_addr(private_kernel_netlink_net_t *this, - host_t *dest, host_t *src) +METHOD(kernel_net_t, get_source_addr, host_t*, + private_kernel_netlink_net_t *this, host_t *dest, host_t *src) { return get_route(this, dest, FALSE, src); } -/** - * Implementation of kernel_net_t.get_nexthop. - */ -static host_t* get_nexthop(private_kernel_netlink_net_t *this, host_t *dest) +METHOD(kernel_net_t, get_nexthop, host_t*, + private_kernel_netlink_net_t *this, host_t *dest) { return get_route(this, dest, TRUE, NULL); } @@ -1086,11 +1084,8 @@ static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type return this->socket->send_ack(this->socket, hdr); } -/** - * Implementation of kernel_net_t.add_ip. - */ -static status_t add_ip(private_kernel_netlink_net_t *this, - host_t *virtual_ip, host_t *iface_ip) +METHOD(kernel_net_t, add_ip, status_t, + private_kernel_netlink_net_t *this, host_t *virtual_ip, host_t *iface_ip) { iface_entry_t *iface; addr_entry_t *addr; @@ -1165,10 +1160,8 @@ static status_t add_ip(private_kernel_netlink_net_t *this, return FAILED; } -/** - * Implementation of kernel_net_t.del_ip. - */ -static status_t del_ip(private_kernel_netlink_net_t *this, host_t *virtual_ip) +METHOD(kernel_net_t, del_ip, status_t, + private_kernel_netlink_net_t *this, host_t *virtual_ip) { iface_entry_t *iface; addr_entry_t *addr; 
@@ -1296,21 +1289,17 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_ty return this->socket->send_ack(this->socket, hdr); } -/** - * Implementation of kernel_net_t.add_route. - */ -static status_t add_route(private_kernel_netlink_net_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) +METHOD(kernel_net_t, add_route, status_t, + private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen, + host_t *gateway, host_t *src_ip, char *if_name) { return manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, dst_net, prefixlen, gateway, src_ip, if_name); } -/** - * Implementation of kernel_net_t.del_route. - */ -static status_t del_route(private_kernel_netlink_net_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) +METHOD(kernel_net_t, del_route, status_t, + private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen, + host_t *gateway, host_t *src_ip, char *if_name) { return manage_srcroute(this, RTM_DELROUTE, 0, dst_net, prefixlen, gateway, src_ip, if_name); @@ -1441,10 +1430,8 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type, return this->socket->send_ack(this->socket, hdr); } -/** - * Implementation of kernel_netlink_net_t.destroy. - */ -static void destroy(private_kernel_netlink_net_t *this) +METHOD(kernel_net_t, destroy, void, + private_kernel_netlink_net_t *this) { if (this->routing_table) { 
@@ -1474,37 +1461,41 @@ static void destroy(private_kernel_netlink_net_t *this) */ kernel_netlink_net_t *kernel_netlink_net_create() { - private_kernel_netlink_net_t *this = malloc_thing(private_kernel_netlink_net_t); + private_kernel_netlink_net_t *this; struct sockaddr_nl addr; enumerator_t *enumerator; char *exclude; - /* public functions */ - this->public.interface.get_interface = (char*(*)(kernel_net_t*,host_t*))get_interface_name; - this->public.interface.create_address_enumerator = (enumerator_t*(*)(kernel_net_t*,bool,bool))create_address_enumerator; - this->public.interface.get_source_addr = (host_t*(*)(kernel_net_t*, host_t *dest, host_t *src))get_source_addr; - this->public.interface.get_nexthop = (host_t*(*)(kernel_net_t*, host_t *dest))get_nexthop; - this->public.interface.add_ip = (status_t(*)(kernel_net_t*,host_t*,host_t*)) add_ip; - this->public.interface.del_ip = (status_t(*)(kernel_net_t*,host_t*)) del_ip; - this->public.interface.add_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route; - this->public.interface.del_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route; - this->public.interface.destroy = (void(*)(kernel_net_t*)) destroy; - - /* private members */ - this->ifaces = linked_list_create(); - this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); - this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); + INIT(this, + .public = { + .interface = { + .get_interface = _get_interface_name, + .create_address_enumerator = _create_address_enumerator, + .get_source_addr = _get_source_addr, + .get_nexthop = _get_nexthop, + .add_ip = _add_ip, + .del_ip = _del_ip, + .add_route = _add_route, + .del_route = _del_route, + .destroy = _destroy, + }, + }, + .socket = netlink_socket_create(NETLINK_ROUTE), + .rt_exclude = linked_list_create(), + .ifaces = linked_list_create(), + .mutex = mutex_create(MUTEX_TYPE_RECURSIVE), + .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), + .routing_table = 
lib->settings->get_int(lib->settings, + "%s.routing_table", ROUTING_TABLE, hydra->daemon), + .routing_table_prio = lib->settings->get_int(lib->settings, + "%s.routing_table_prio", ROUTING_TABLE_PRIO, hydra->daemon), + .process_route = lib->settings->get_bool(lib->settings, + "%s.process_route", TRUE, hydra->daemon), + .install_virtual_ip = lib->settings->get_bool(lib->settings, + "%s.install_virtual_ip", TRUE, hydra->daemon), + ); timerclear(&this->last_roam); - this->routing_table = lib->settings->get_int(lib->settings, - "%s.routing_table", ROUTING_TABLE, hydra->daemon); - this->routing_table_prio = lib->settings->get_int(lib->settings, - "%s.routing_table_prio", ROUTING_TABLE_PRIO, hydra->daemon); - this->process_route = lib->settings->get_bool(lib->settings, - "%s.process_route", TRUE, hydra->daemon); - this->install_virtual_ip = lib->settings->get_bool(lib->settings, - "%s.install_virtual_ip", TRUE, hydra->daemon); - - this->rt_exclude = linked_list_create(); + exclude = lib->settings->get_str(lib->settings, "%s.ignore_routing_tables", NULL, hydra->daemon); if (exclude) @@ -1526,9 +1517,6 @@ kernel_netlink_net_t *kernel_netlink_net_create() enumerator->destroy(enumerator); } - this->socket = netlink_socket_create(NETLINK_ROUTE); - this->job = NULL; - memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c index b75a2be80..779466472 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c 
@@ -33,15 +33,14 @@ struct private_kernel_netlink_plugin_t { kernel_netlink_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_kernel_netlink_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_kernel_netlink_plugin_t *this) +{ + return "kernel-netlink"; +} + METHOD(plugin_t, destroy, void, private_kernel_netlink_plugin_t *this) ->>>>>>> upstream/4.5.1 { hydra->kernel_interface->remove_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_netlink_ipsec_create); @@ -55,22 +54,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *kernel_netlink_plugin_create() { -<<<<<<< HEAD - private_kernel_netlink_plugin_t *this = malloc_thing(private_kernel_netlink_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - -======= private_kernel_netlink_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_netlink_ipsec_create); hydra->kernel_interface->add_net_interface(hydra->kernel_interface, diff --git a/src/libhydra/plugins/kernel_pfkey/Makefile.in b/src/libhydra/plugins/kernel_pfkey/Makefile.in index 3f2976959..251483017 100644 --- a/src/libhydra/plugins/kernel_pfkey/Makefile.in +++ b/src/libhydra/plugins/kernel_pfkey/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 69d0da6e5..b252b7092 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -99,13 +99,8 @@ #endif /** default priority of installed policies */ -<<<<<<< HEAD -#define PRIO_LOW 3000 -#define PRIO_HIGH 2000 -======= #define PRIO_LOW 1024 #define PRIO_HIGH 512 ->>>>>>> upstream/4.5.1 #ifdef __APPLE__ /** from xnu/bsd/net/pfkeyv2.h */ @@ -1211,14 +1206,10 @@ METHOD(kernel_ipsec_t, get_cpi, status_t, METHOD(kernel_ipsec_t, add_sa, status_t, private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, -<<<<<<< HEAD - u_int8_t protocol, u_int32_t reqid, mark_t mark, -======= u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc, ->>>>>>> upstream/4.5.1 lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, bool encap, bool inbound, + u_int16_t ipcomp, u_int16_t cpi, bool encap, bool esn, bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { unsigned char request[PFKEY_BUFFER_SIZE]; 
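Review bot: add_sa in the PF_KEY backend now accepts `u_int32_t tfc` and `bool esn`, but the hunk shows only the signature and the `request` buffer declaration, so whether either parameter is applied cannot be seen; the body continues outside the hunk. If this backend does not apply them, a caller that negotiated ESN would get an SA without it and no indication why. I would add a short comment above the request setup, or a `DBG1(DBG_KNL, ...)` line when `esn` is set, stating that the parameter is not applied here.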
@@ -1660,13 +1651,6 @@ METHOD(kernel_ipsec_t, add_policy, status_t, pol->sadb_x_policy_dir = dir2kernel(direction); pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; #ifdef HAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY -<<<<<<< HEAD - /* calculate priority based on source selector size, small size = high prio */ - pol->sadb_x_policy_priority = routed ? PRIO_LOW : PRIO_HIGH; - pol->sadb_x_policy_priority -= policy->src.mask * 10; - pol->sadb_x_policy_priority -= policy->src.proto != IPSEC_PROTO_ANY ? 2 : 0; - pol->sadb_x_policy_priority -= policy->src.net->get_port(policy->src.net) ? 1 : 0; -======= /* calculate priority based on selector size, small size = high prio */ pol->sadb_x_policy_priority = routed ? PRIO_LOW : PRIO_HIGH; pol->sadb_x_policy_priority -= policy->src.mask; @@ -1675,7 +1659,6 @@ METHOD(kernel_ipsec_t, add_policy, status_t, pol->sadb_x_policy_priority += policy->src.net->get_port(policy->src.net) || policy->dst.net->get_port(policy->dst.net) ? 0 : 2; pol->sadb_x_policy_priority += policy->src.proto != IPSEC_PROTO_ANY ? 0 : 1; ->>>>>>> upstream/4.5.1 #endif /* one or more sadb_x_ipsecrequest extensions are added to the sadb_x_policy extension */ diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c index e2ed954fb..842511181 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c 
@@ -32,15 +32,14 @@ struct private_kernel_pfkey_plugin_t { kernel_pfkey_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_kernel_pfkey_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_kernel_pfkey_plugin_t *this) +{ + return "kernel-pfkey"; +} + METHOD(plugin_t, destroy, void, private_kernel_pfkey_plugin_t *this) ->>>>>>> upstream/4.5.1 { hydra->kernel_interface->remove_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_pfkey_ipsec_create); @@ -52,22 +51,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *kernel_pfkey_plugin_create() { -<<<<<<< HEAD - private_kernel_pfkey_plugin_t *this = malloc_thing(private_kernel_pfkey_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - -======= private_kernel_pfkey_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)kernel_pfkey_ipsec_create); diff --git a/src/libhydra/plugins/kernel_pfroute/Makefile.in b/src/libhydra/plugins/kernel_pfroute/Makefile.in index 24f8ffc4e..b7e12561d 100644 --- a/src/libhydra/plugins/kernel_pfroute/Makefile.in +++ b/src/libhydra/plugins/kernel_pfroute/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c index 59fc915fd..fca46bfd2 100644 --- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c +++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c @@ -412,7 +412,8 @@ static void address_enumerator_destroy(address_enumerator_t *data) /** * filter for addresses */ -static bool filter_addresses(address_enumerator_t *data, addr_entry_t** in, host_t** out) +static bool filter_addresses(address_enumerator_t *data, + addr_entry_t** in, host_t** out) { host_t *ip; if (!data->include_virtual_ips && (*in)->virtual) @@ -435,7 +436,8 @@ static bool filter_addresses(address_enumerator_t *data, addr_entry_t** in, host /** * enumerator constructor for interfaces */ -static enumerator_t *create_iface_enumerator(iface_entry_t *iface, address_enumerator_t *data) +static enumerator_t *create_iface_enumerator(iface_entry_t *iface, + address_enumerator_t *data) { return enumerator_create_filter(iface->addrs->create_enumerator(iface->addrs), (void*)filter_addresses, data, NULL); 
@@ -444,7 +446,8 @@ static enumerator_t *create_iface_enumerator(iface_entry_t *iface, address_enume /** * filter for interfaces */ -static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, iface_entry_t** out) +static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, + iface_entry_t** out) { if (!data->include_down_ifaces && !((*in)->flags & IFF_UP)) { /* skip interfaces not up */ @@ -454,11 +457,9 @@ static bool filter_interfaces(address_enumerator_t *data, iface_entry_t** in, if return TRUE; } -/** - * implementation of kernel_net_t.create_address_enumerator - */ -static enumerator_t *create_address_enumerator(private_kernel_pfroute_net_t *this, - bool include_down_ifaces, bool include_virtual_ips) +METHOD(kernel_net_t, create_address_enumerator, enumerator_t*, + private_kernel_pfroute_net_t *this, + bool include_down_ifaces, bool include_virtual_ips) { address_enumerator_t *data = malloc_thing(address_enumerator_t); data->this = this; @@ -467,15 +468,15 @@ static enumerator_t *create_address_enumerator(private_kernel_pfroute_net_t *thi this->mutex->lock(this->mutex); return enumerator_create_nested( - enumerator_create_filter(this->ifaces->create_enumerator(this->ifaces), - (void*)filter_interfaces, data, NULL), - (void*)create_iface_enumerator, data, (void*)address_enumerator_destroy); + enumerator_create_filter( + this->ifaces->create_enumerator(this->ifaces), + (void*)filter_interfaces, data, NULL), + (void*)create_iface_enumerator, data, + (void*)address_enumerator_destroy); } -/** - * implementation of kernel_net_t.get_interface_name - */ -static char *get_interface_name(private_kernel_pfroute_net_t *this, host_t* ip) +METHOD(kernel_net_t, get_interface_name, char*, + private_kernel_pfroute_net_t *this, host_t* ip) { enumerator_t *ifaces, *addrs; iface_entry_t *iface; 
@@ -517,54 +518,40 @@ static char *get_interface_name(private_kernel_pfroute_net_t *this, host_t* ip) return name; } -/** - * Implementation of kernel_net_t.get_source_addr. - */ -static host_t* get_source_addr(private_kernel_pfroute_net_t *this, - host_t *dest, host_t *src) +METHOD(kernel_net_t, get_source_addr, host_t*, + private_kernel_pfroute_net_t *this, host_t *dest, host_t *src) { return NULL; } -/** - * Implementation of kernel_net_t.get_nexthop. - */ -static host_t* get_nexthop(private_kernel_pfroute_net_t *this, host_t *dest) +METHOD(kernel_net_t, get_nexthop, host_t*, + private_kernel_pfroute_net_t *this, host_t *dest) { return NULL; } -/** - * Implementation of kernel_net_t.add_ip. - */ -static status_t add_ip(private_kernel_pfroute_net_t *this, - host_t *virtual_ip, host_t *iface_ip) +METHOD(kernel_net_t, add_ip, status_t, + private_kernel_pfroute_net_t *this, host_t *virtual_ip, host_t *iface_ip) { return FAILED; } -/** - * Implementation of kernel_net_t.del_ip. - */ -static status_t del_ip(private_kernel_pfroute_net_t *this, host_t *virtual_ip) +METHOD(kernel_net_t, del_ip, status_t, + private_kernel_pfroute_net_t *this, host_t *virtual_ip) { return FAILED; } -/** - * Implementation of kernel_net_t.add_route. - */ -static status_t add_route(private_kernel_pfroute_net_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) +METHOD(kernel_net_t, add_route, status_t, + private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen, + host_t *gateway, host_t *src_ip, char *if_name) { return FAILED; } -/** - * Implementation of kernel_net_t.del_route. - */ -static status_t del_route(private_kernel_pfroute_net_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) +METHOD(kernel_net_t, del_route, status_t, + private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen, + host_t *gateway, host_t *src_ip, char *if_name) { return FAILED; } 
@@ -658,10 +645,8 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) return SUCCESS; } -/** - * Implementation of kernel_netlink_net_t.destroy. - */ -static void destroy(private_kernel_pfroute_net_t *this) +METHOD(kernel_net_t, destroy, void, + private_kernel_pfroute_net_t *this) { if (this->job) { 
@@ -686,28 +671,26 @@ static void destroy(private_kernel_pfroute_net_t *this) */ kernel_pfroute_net_t *kernel_pfroute_net_create() { - private_kernel_pfroute_net_t *this = malloc_thing(private_kernel_pfroute_net_t); - - /* public functions */ - this->public.interface.get_interface = (char*(*)(kernel_net_t*,host_t*))get_interface_name; - this->public.interface.create_address_enumerator = (enumerator_t*(*)(kernel_net_t*,bool,bool))create_address_enumerator; - this->public.interface.get_source_addr = (host_t*(*)(kernel_net_t*, host_t *dest, host_t *src))get_source_addr; - this->public.interface.get_nexthop = (host_t*(*)(kernel_net_t*, host_t *dest))get_nexthop; - this->public.interface.add_ip = (status_t(*)(kernel_net_t*,host_t*,host_t*)) add_ip; - this->public.interface.del_ip = (status_t(*)(kernel_net_t*,host_t*)) del_ip; - this->public.interface.add_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route; - this->public.interface.del_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route; - - this->public.interface.destroy = (void(*)(kernel_net_t*)) destroy; - - /* private members */ - this->ifaces = linked_list_create(); - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - this->mutex_pfroute = mutex_create(MUTEX_TYPE_DEFAULT); - - this->seq = 0; - this->socket_events = 0; - this->job = NULL; + private_kernel_pfroute_net_t *this; + + INIT(this, + .public = { + .interface = { + .get_interface = _get_interface_name, + .create_address_enumerator = _create_address_enumerator, + .get_source_addr = _get_source_addr, + .get_nexthop = _get_nexthop, + .add_ip = _add_ip, + .del_ip = _del_ip, + .add_route = _add_route, + .del_route = _del_route, + .destroy = _destroy, + }, + }, + .ifaces = linked_list_create(), + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .mutex_pfroute = mutex_create(MUTEX_TYPE_DEFAULT), + ); /* create a PF_ROUTE socket to communicate with the kernel */ this->socket = socket(PF_ROUTE, SOCK_RAW, 
AF_UNSPEC); diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c index bae3a2ac6..680caa5d0 100644 --- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c +++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c @@ -32,15 +32,14 @@ struct private_kernel_pfroute_plugin_t { kernel_pfroute_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_kernel_pfroute_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_kernel_pfroute_plugin_t *this) +{ + return "kernel-pfroute"; +} + METHOD(plugin_t, destroy, void, private_kernel_pfroute_plugin_t *this) ->>>>>>> upstream/4.5.1 { hydra->kernel_interface->remove_net_interface(hydra->kernel_interface, (kernel_net_constructor_t)kernel_pfroute_net_create); @@ -52,22 +51,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *kernel_pfroute_plugin_create() { -<<<<<<< HEAD - private_kernel_pfroute_plugin_t *this = malloc_thing(private_kernel_pfroute_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - -======= private_kernel_pfroute_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 hydra->kernel_interface->add_net_interface(hydra->kernel_interface, (kernel_net_constructor_t)kernel_pfroute_net_create); diff --git a/src/libhydra/plugins/resolve/Makefile.in b/src/libhydra/plugins/resolve/Makefile.in index 646d1dba9..d3cda309a 100644 --- a/src/libhydra/plugins/resolve/Makefile.in +++ b/src/libhydra/plugins/resolve/Makefile.in 
@@ -222,13 +222,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -249,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,14 +263,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libhydra/plugins/resolve/resolve_handler.c b/src/libhydra/plugins/resolve/resolve_handler.c index cdc639038..feb2fd05a 100644 --- a/src/libhydra/plugins/resolve/resolve_handler.c +++ b/src/libhydra/plugins/resolve/resolve_handler.c @@ -116,7 +116,7 @@ static void release(private_resolve_handler_t *this, identification_t *server, configuration_attribute_type_t type, chunk_t data) { FILE *in, *out; - char line[1024], matcher[512], *pos; + char line[1024], matcher[512]; host_t *addr; int family; @@ -148,7 +148,7 @@ static void release(private_resolve_handler_t *this, identification_t *server, addr, server); /* copy all, but matching line */ - while ((pos = fgets(line, sizeof(line), in))) + while (fgets(line, sizeof(line), in)) { if (strneq(line, matcher, strlen(matcher))) { 
diff --git a/src/libhydra/plugins/resolve/resolve_plugin.c b/src/libhydra/plugins/resolve/resolve_plugin.c index c60521cd1..d23d36127 100644 --- a/src/libhydra/plugins/resolve/resolve_plugin.c +++ b/src/libhydra/plugins/resolve/resolve_plugin.c @@ -36,15 +36,14 @@ struct private_resolve_plugin_t { resolve_handler_t *handler; }; -<<<<<<< HEAD -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_resolve_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_resolve_plugin_t *this) +{ + return "resolve"; +} + METHOD(plugin_t, destroy, void, private_resolve_plugin_t *this) ->>>>>>> upstream/4.5.1 { hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler); this->handler->destroy(this->handler); @@ -56,23 +55,18 @@ METHOD(plugin_t, destroy, void, */ plugin_t *resolve_plugin_create() { -<<<<<<< HEAD - private_resolve_plugin_t *this = malloc_thing(private_resolve_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - this->handler = resolve_handler_create(); -======= private_resolve_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, .handler = resolve_handler_create(), ); ->>>>>>> upstream/4.5.1 hydra->attributes->add_handler(hydra->attributes, &this->handler->handler); return &this->public.plugin; diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in index 3191ade0f..30af27406 100644 --- a/src/libsimaka/Makefile.in +++ b/src/libsimaka/Makefile.in @@ -192,13 +192,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -219,6 +213,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -237,14 +233,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk index 431543151..259f0a375 100644 --- a/src/libstrongswan/Android.mk +++ b/src/libstrongswan/Android.mk @@ -32,8 +32,7 @@ credentials/keys/private_key.c credentials/keys/private_key.h \ credentials/keys/public_key.c credentials/keys/public_key.h \ credentials/keys/shared_key.c credentials/keys/shared_key.h \ credentials/certificates/certificate.c credentials/certificates/certificate.h \ -credentials/certificates/x509.h credentials/certificates/x509.c \ -credentials/certificates/ac.h \ +credentials/certificates/x509.h credentials/certificates/ac.h \ credentials/certificates/crl.h credentials/certificates/crl.c \ credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ 
@@ -49,7 +48,7 @@ credentials/sets/callback_cred.c credentials/sets/callback_cred.h \ credentials/auth_cfg.c credentials/auth_cfg.h credentials/credential_set.h \ credentials/cert_validator.h \ database/database.h database/database_factory.h database/database_factory.c \ -fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \ +fetcher/fetcher.h fetcher/fetcher.c fetcher/fetcher_manager.h fetcher/fetcher_manager.c \ eap/eap.h eap/eap.c \ plugins/plugin_loader.c plugins/plugin_loader.h plugins/plugin.h \ processing/jobs/job.h \ diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 894d3ae65..b6c70daea 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -30,12 +30,7 @@ credentials/keys/private_key.c credentials/keys/private_key.h \ credentials/keys/public_key.c credentials/keys/public_key.h \ credentials/keys/shared_key.c credentials/keys/shared_key.h \ credentials/certificates/certificate.c credentials/certificates/certificate.h \ -<<<<<<< HEAD -credentials/certificates/x509.h credentials/certificates/x509.c \ -credentials/certificates/ac.h \ -======= credentials/certificates/x509.h credentials/certificates/ac.h \ ->>>>>>> upstream/4.5.1 credentials/certificates/crl.h credentials/certificates/crl.c \ credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ @@ -51,7 +46,7 @@ credentials/sets/callback_cred.c credentials/sets/callback_cred.h \ credentials/auth_cfg.c credentials/auth_cfg.h credentials/credential_set.h \ credentials/cert_validator.h \ database/database.h database/database_factory.h database/database_factory.c \ -fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \ +fetcher/fetcher.h fetcher/fetcher.c fetcher/fetcher_manager.h fetcher/fetcher_manager.c \ eap/eap.h eap/eap.c \ plugins/plugin_loader.c plugins/plugin_loader.h plugins/plugin.h \ processing/jobs/job.h \ 
@@ -140,8 +135,6 @@ else SUBDIRS = . endif -<<<<<<< HEAD -======= if USE_AF_ALG SUBDIRS += plugins/af_alg if MONOLITHIC @@ -149,7 +142,6 @@ if MONOLITHIC endif endif ->>>>>>> upstream/4.5.1 if USE_AES SUBDIRS += plugins/aes if MONOLITHIC @@ -241,8 +233,6 @@ if MONOLITHIC endif endif -<<<<<<< HEAD -======= if USE_CONSTRAINTS SUBDIRS += plugins/constraints if MONOLITHIC @@ -250,7 +240,6 @@ if MONOLITHIC endif endif ->>>>>>> upstream/4.5.1 if USE_PUBKEY SUBDIRS += plugins/pubkey if MONOLITHIC @@ -293,8 +282,6 @@ if MONOLITHIC endif endif -<<<<<<< HEAD -======= if USE_SOUP SUBDIRS += plugins/soup if MONOLITHIC @@ -302,7 +289,6 @@ if MONOLITHIC endif endif ->>>>>>> upstream/4.5.1 if USE_LDAP SUBDIRS += plugins/ldap if MONOLITHIC diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index af1e5bf3d..c9ae8992e 100644 --- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in 
@@ -44,72 +44,6 @@ host_triplet = @host@ @USE_INTEGRITY_TEST_TRUE@ integrity_checker.c integrity_checker.h @USE_VSTR_TRUE@am__append_6 = -lvstr -<<<<<<< HEAD -@USE_AES_TRUE@am__append_7 = plugins/aes -@MONOLITHIC_TRUE@@USE_AES_TRUE@am__append_8 = plugins/aes/libstrongswan-aes.la -@USE_DES_TRUE@am__append_9 = plugins/des -@MONOLITHIC_TRUE@@USE_DES_TRUE@am__append_10 = plugins/des/libstrongswan-des.la -@USE_BLOWFISH_TRUE@am__append_11 = plugins/blowfish -@MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE@am__append_12 = plugins/blowfish/libstrongswan-blowfish.la -@USE_MD4_TRUE@am__append_13 = plugins/md4 -@MONOLITHIC_TRUE@@USE_MD4_TRUE@am__append_14 = plugins/md4/libstrongswan-md4.la -@USE_MD5_TRUE@am__append_15 = plugins/md5 -@MONOLITHIC_TRUE@@USE_MD5_TRUE@am__append_16 = plugins/md5/libstrongswan-md5.la -@USE_SHA1_TRUE@am__append_17 = plugins/sha1 -@MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_18 = plugins/sha1/libstrongswan-sha1.la -@USE_SHA2_TRUE@am__append_19 = plugins/sha2 -@MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_20 = plugins/sha2/libstrongswan-sha2.la -@USE_GMP_TRUE@am__append_21 = plugins/gmp -@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_22 = plugins/gmp/libstrongswan-gmp.la -@USE_RANDOM_TRUE@am__append_23 = plugins/random -@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_24 = plugins/random/libstrongswan-random.la -@USE_HMAC_TRUE@am__append_25 = plugins/hmac -@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_26 = plugins/hmac/libstrongswan-hmac.la -@USE_XCBC_TRUE@am__append_27 = plugins/xcbc -@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_28 = plugins/xcbc/libstrongswan-xcbc.la -@USE_X509_TRUE@am__append_29 = plugins/x509 -@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_30 = plugins/x509/libstrongswan-x509.la -@USE_REVOCATION_TRUE@am__append_31 = plugins/revocation -@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_32 = plugins/revocation/libstrongswan-revocation.la -@USE_PUBKEY_TRUE@am__append_33 = plugins/pubkey -@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_34 = 
plugins/pubkey/libstrongswan-pubkey.la -@USE_PKCS1_TRUE@am__append_35 = plugins/pkcs1 -@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_36 = plugins/pkcs1/libstrongswan-pkcs1.la -@USE_PGP_TRUE@am__append_37 = plugins/pgp -@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_38 = plugins/pgp/libstrongswan-pgp.la -@USE_DNSKEY_TRUE@am__append_39 = plugins/dnskey -@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_40 = plugins/dnskey/libstrongswan-dnskey.la -@USE_PEM_TRUE@am__append_41 = plugins/pem -@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_42 = plugins/pem/libstrongswan-pem.la -@USE_CURL_TRUE@am__append_43 = plugins/curl -@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_44 = plugins/curl/libstrongswan-curl.la -@USE_LDAP_TRUE@am__append_45 = plugins/ldap -@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_46 = plugins/ldap/libstrongswan-ldap.la -@USE_MYSQL_TRUE@am__append_47 = plugins/mysql -@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_48 = plugins/mysql/libstrongswan-mysql.la -@USE_SQLITE_TRUE@am__append_49 = plugins/sqlite -@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_50 = plugins/sqlite/libstrongswan-sqlite.la -@USE_PADLOCK_TRUE@am__append_51 = plugins/padlock -@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_52 = plugins/padlock/libstrongswan-padlock.la -@USE_OPENSSL_TRUE@am__append_53 = plugins/openssl -@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_54 = plugins/openssl/libstrongswan-openssl.la -@USE_GCRYPT_TRUE@am__append_55 = plugins/gcrypt -@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_56 = plugins/gcrypt/libstrongswan-gcrypt.la -@USE_FIPS_PRF_TRUE@am__append_57 = plugins/fips_prf -@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_58 = plugins/fips_prf/libstrongswan-fips-prf.la -@USE_AGENT_TRUE@am__append_59 = plugins/agent -@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_60 = plugins/agent/libstrongswan-agent.la -@USE_PKCS11_TRUE@am__append_61 = plugins/pkcs11 -@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_62 = plugins/pkcs11/libstrongswan-pkcs11.la -@USE_CTR_TRUE@am__append_63 = plugins/ctr 
-@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_64 = plugins/ctr/libstrongswan-ctr.la -@USE_CCM_TRUE@am__append_65 = plugins/ccm -@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_66 = plugins/ccm/libstrongswan-ccm.la -@USE_GCM_TRUE@am__append_67 = plugins/gcm -@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_68 = plugins/gcm/libstrongswan-gcm.la -@USE_TEST_VECTORS_TRUE@am__append_69 = plugins/test_vectors -@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_70 = plugins/test_vectors/libstrongswan-test-vectors.la -======= @USE_AF_ALG_TRUE@am__append_7 = plugins/af_alg @MONOLITHIC_TRUE@@USE_AF_ALG_TRUE@am__append_8 = plugins/af_alg/libstrongswan-af-alg.la @USE_AES_TRUE@am__append_9 = plugins/aes @@ -180,7 +114,6 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_74 = plugins/gcm/libstrongswan-gcm.la @USE_TEST_VECTORS_TRUE@am__append_75 = plugins/test_vectors @MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_76 = plugins/test_vectors/libstrongswan-test-vectors.la ->>>>>>> upstream/4.5.1 subdir = src/libstrongswan DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -235,12 +168,8 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__append_48) $(am__append_50) $(am__append_52) \ $(am__append_54) $(am__append_56) $(am__append_58) \ $(am__append_60) $(am__append_62) $(am__append_64) \ -<<<<<<< HEAD - $(am__append_66) $(am__append_68) $(am__append_70) -======= $(am__append_66) $(am__append_68) $(am__append_70) \ $(am__append_72) $(am__append_74) $(am__append_76) ->>>>>>> upstream/4.5.1 am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ chunk.h debug.c debug.h enum.c enum.h settings.h settings.c \ printf_hook.c printf_hook.h asn1/asn1.c asn1/asn1.h \ 
@@ -265,12 +194,7 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ credentials/keys/shared_key.h \ credentials/certificates/certificate.c \ credentials/certificates/certificate.h \ -<<<<<<< HEAD - credentials/certificates/x509.h \ - credentials/certificates/x509.c credentials/certificates/ac.h \ -======= credentials/certificates/x509.h credentials/certificates/ac.h \ ->>>>>>> upstream/4.5.1 credentials/certificates/crl.h credentials/certificates/crl.c \ credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ @@ -292,7 +216,7 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ credentials/auth_cfg.h credentials/credential_set.h \ credentials/cert_validator.h database/database.h \ database/database_factory.h database/database_factory.c \ - fetcher/fetcher.h fetcher/fetcher_manager.h \ + fetcher/fetcher.h fetcher/fetcher.c fetcher/fetcher_manager.h \ fetcher/fetcher_manager.c eap/eap.h eap/eap.c \ plugins/plugin_loader.c plugins/plugin_loader.h \ plugins/plugin.h processing/jobs/job.h \ @@ -320,14 +244,10 @@ am_libstrongswan_la_OBJECTS = library.lo chunk.lo debug.lo enum.lo \ crypto_tester.lo diffie_hellman.lo aead.lo transform.lo \ credential_factory.lo builder.lo cred_encoding.lo \ private_key.lo public_key.lo shared_key.lo certificate.lo \ -<<<<<<< HEAD - x509.lo crl.lo ocsp_response.lo ietf_attributes.lo \ -======= crl.lo ocsp_response.lo ietf_attributes.lo \ ->>>>>>> upstream/4.5.1 credential_manager.lo auth_cfg_wrapper.lo \ ocsp_response_wrapper.lo cert_cache.lo mem_cred.lo \ - callback_cred.lo auth_cfg.lo database_factory.lo \ + callback_cred.lo auth_cfg.lo database_factory.lo fetcher.lo \ fetcher_manager.lo eap.lo plugin_loader.lo callback_job.lo \ processor.lo scheduler.lo traffic_selector.lo thread.lo \ thread_value.lo mutex.lo rwlock.lo utils.lo host.lo \ 
@@ -364,16 +284,6 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ distdir ETAGS = etags CTAGS = ctags -<<<<<<< HEAD -DIST_SUBDIRS = . plugins/aes plugins/des plugins/blowfish plugins/md4 \ - plugins/md5 plugins/sha1 plugins/sha2 plugins/gmp \ - plugins/random plugins/hmac plugins/xcbc plugins/x509 \ - plugins/revocation plugins/pubkey plugins/pkcs1 plugins/pgp \ - plugins/dnskey plugins/pem plugins/curl plugins/ldap \ - plugins/mysql plugins/sqlite plugins/padlock plugins/openssl \ - plugins/gcrypt plugins/fips_prf plugins/agent plugins/pkcs11 \ - plugins/ctr plugins/ccm plugins/gcm plugins/test_vectors -======= DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \ plugins/blowfish plugins/md4 plugins/md5 plugins/sha1 \ plugins/sha2 plugins/gmp plugins/random plugins/hmac \ @@ -384,7 +294,6 @@ DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \ plugins/openssl plugins/gcrypt plugins/fips_prf plugins/agent \ plugins/pkcs11 plugins/ctr plugins/ccm plugins/gcm \ plugins/test_vectors ->>>>>>> upstream/4.5.1 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -530,13 +439,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -557,6 +460,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -575,14 +480,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -615,12 +518,7 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \ credentials/keys/shared_key.h \ credentials/certificates/certificate.c \ credentials/certificates/certificate.h \ -<<<<<<< HEAD - credentials/certificates/x509.h \ - credentials/certificates/x509.c credentials/certificates/ac.h \ -======= credentials/certificates/x509.h credentials/certificates/ac.h \ ->>>>>>> upstream/4.5.1 credentials/certificates/crl.h credentials/certificates/crl.c \ credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ @@ -642,7 +540,7 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \ credentials/auth_cfg.h credentials/credential_set.h \ credentials/cert_validator.h database/database.h \ database/database_factory.h database/database_factory.c \ - fetcher/fetcher.h fetcher/fetcher_manager.h \ + fetcher/fetcher.h fetcher/fetcher.c fetcher/fetcher_manager.h \ fetcher/fetcher_manager.c eap/eap.h eap/eap.c \ plugins/plugin_loader.c plugins/plugin_loader.h \ plugins/plugin.h processing/jobs/job.h \ 
@@ -671,12 +569,8 @@ libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \ $(am__append_48) $(am__append_50) $(am__append_52) \ $(am__append_54) $(am__append_56) $(am__append_58) \ $(am__append_60) $(am__append_62) $(am__append_64) \ -<<<<<<< HEAD - $(am__append_66) $(am__append_68) $(am__append_70) -======= $(am__append_66) $(am__append_68) $(am__append_70) \ $(am__append_72) $(am__append_74) $(am__append_76) ->>>>>>> upstream/4.5.1 INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DPLUGINDIR=\"${plugindir}\" \ -DSTRONGSWAN_CONF=\"${strongswan_conf}\" $(am__append_1) \ @@ -709,13 +603,9 @@ $(srcdir)/crypto/proposal/proposal_keywords.c @MONOLITHIC_FALSE@ $(am__append_55) $(am__append_57) \ @MONOLITHIC_FALSE@ $(am__append_59) $(am__append_61) \ @MONOLITHIC_FALSE@ $(am__append_63) $(am__append_65) \ -<<<<<<< HEAD -@MONOLITHIC_FALSE@ $(am__append_67) $(am__append_69) -======= @MONOLITHIC_FALSE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_FALSE@ $(am__append_71) $(am__append_73) \ @MONOLITHIC_FALSE@ $(am__append_75) ->>>>>>> upstream/4.5.1 # build plugins with their own Makefile ####################################### @@ -734,13 +624,9 @@ $(srcdir)/crypto/proposal/proposal_keywords.c @MONOLITHIC_TRUE@ $(am__append_55) $(am__append_57) \ @MONOLITHIC_TRUE@ $(am__append_59) $(am__append_61) \ @MONOLITHIC_TRUE@ $(am__append_63) $(am__append_65) \ -<<<<<<< HEAD -@MONOLITHIC_TRUE@ $(am__append_67) $(am__append_69) -======= @MONOLITHIC_TRUE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_TRUE@ $(am__append_71) $(am__append_73) \ @MONOLITHIC_TRUE@ $(am__append_75) ->>>>>>> upstream/4.5.1 all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-recursive 
@@ -841,6 +727,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/enum.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/enumerator.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fetcher.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fetcher_manager.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hasher.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hashtable.Plo@am__quote@ @@ -878,10 +765,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/traffic_selector.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utils.Plo@am__quote@ -<<<<<<< HEAD -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@ -======= ->>>>>>> upstream/4.5.1 .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< 
@@ -1065,16 +948,6 @@ certificate.lo: credentials/certificates/certificate.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certificate.lo `test -f 'credentials/certificates/certificate.c' || echo '$(srcdir)/'`credentials/certificates/certificate.c -<<<<<<< HEAD -x509.lo: credentials/certificates/x509.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT x509.lo -MD -MP -MF $(DEPDIR)/x509.Tpo -c -o x509.lo `test -f 'credentials/certificates/x509.c' || echo '$(srcdir)/'`credentials/certificates/x509.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/x509.Tpo $(DEPDIR)/x509.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/certificates/x509.c' object='x509.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o x509.lo `test -f 'credentials/certificates/x509.c' || echo '$(srcdir)/'`credentials/certificates/x509.c - -======= ->>>>>>> upstream/4.5.1 crl.lo: credentials/certificates/crl.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crl.lo -MD -MP -MF $(DEPDIR)/crl.Tpo -c -o crl.lo `test -f 'credentials/certificates/crl.c' || echo '$(srcdir)/'`credentials/certificates/crl.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/crl.Tpo $(DEPDIR)/crl.Plo 
@@ -1152,6 +1025,13 @@ database_factory.lo: database/database_factory.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o database_factory.lo `test -f 'database/database_factory.c' || echo '$(srcdir)/'`database/database_factory.c +fetcher.lo: fetcher/fetcher.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fetcher.lo -MD -MP -MF $(DEPDIR)/fetcher.Tpo -c -o fetcher.lo `test -f 'fetcher/fetcher.c' || echo '$(srcdir)/'`fetcher/fetcher.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/fetcher.Tpo $(DEPDIR)/fetcher.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fetcher/fetcher.c' object='fetcher.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fetcher.lo `test -f 'fetcher/fetcher.c' || echo '$(srcdir)/'`fetcher/fetcher.c + fetcher_manager.lo: fetcher/fetcher_manager.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fetcher_manager.lo -MD -MP -MF $(DEPDIR)/fetcher_manager.Tpo -c -o fetcher_manager.lo `test -f 'fetcher/fetcher_manager.c' || echo '$(srcdir)/'`fetcher/fetcher_manager.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/fetcher_manager.Tpo $(DEPDIR)/fetcher_manager.Plo diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 7f198f9aa..4466b37a4 100644 
--- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -126,15 +126,13 @@ chunk_t asn1_build_known_oid(int n) /* * Defined in header. */ -<<<<<<< HEAD -======= chunk_t asn1_oid_from_string(char *str) { enumerator_t *enumerator; - u_char buf[32]; + u_char buf[64]; char *end; - int i = 0, pos = 0; - u_int val, first = 0; + int i = 0, pos = 0, shift; + u_int val, shifted_val, first = 0; enumerator = enumerator_create_token(str, ".", ""); while (enumerator->enumerate(enumerator, &str)) @@ -154,16 +152,17 @@ chunk_t asn1_oid_from_string(char *str) buf[pos++] = first * 40 + val; break; default: - if (val < 128) + shift = 28; /* sufficient to handle 32 bit node numbers */ + while (shift) { - buf[pos++] = val; + shifted_val = val >> shift; + shift -= 7; + if (shifted_val) /* do not encode leading zeroes */ + { + buf[pos++] = 0x80 | (shifted_val & 0x7F); + } } - else - { - buf[pos++] = 128 | (val >> 7); - buf[pos++] = (val % 256) & 0x7F; - } - break; + buf[pos++] = val & 0x7F; } } enumerator->destroy(enumerator); 
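Review bot: The rewritten `default:` branch of asn1_oid_from_string can write up to five bytes per arc (four continuation bytes from the shift loop plus the final `buf[pos++] = val & 0x7F;`), but no write in this hunk checks `pos` against the 64-byte `buf`. The per-token guard sits in the lines between the two hunks and is not visible here. If it only compares `pos` with the array size once per token, a long dotted string could write past the end of the stack buffer. I would make that guard reserve the worst case, for example `pos + 5 > (int)sizeof(buf)`, and treat it as a parse failure. The function body starts before and ends after the visible hunk lines.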
@@ -185,44 +184,37 @@ char *asn1_oid_to_string(chunk_t oid) return NULL; } val = oid.ptr[0] / 40; - len = snprintf(buf, sizeof(buf), "%d.%d", val, oid.ptr[0] - val * 40); + len = snprintf(buf, sizeof(buf), "%u.%u", val, oid.ptr[0] - val * 40); oid = chunk_skip(oid, 1); if (len < 0 || len >= sizeof(buf)) { return NULL; } pos += len; + val = 0; while (oid.len) { + val = (val << 7) + (u_int)(oid.ptr[0] & 0x7f); + if (oid.ptr[0] < 128) { - len = snprintf(pos, sizeof(buf) + buf - pos, ".%d", oid.ptr[0]); - oid = chunk_skip(oid, 1); - } - else - { - if (oid.len == 1) + len = snprintf(pos, sizeof(buf) + buf - pos, ".%u", val); + if (len < 0 || len >= sizeof(buf) + buf - pos) { return NULL; } - val = ((u_int)(oid.ptr[0] & 0x7F) << 7) + oid.ptr[1]; - len = snprintf(pos, sizeof(buf) + buf - pos, ".%d", val); - oid = chunk_skip(oid, 2); - } - if (len < 0 || len >= sizeof(buf) + buf - pos) - { - return NULL; + pos += len; + val = 0; } - pos += len; + oid = chunk_skip(oid, 1); } - return strdup(buf); + return (val == 0) ? strdup(buf) : NULL; } /* * Defined in header. */ ->>>>>>> upstream/4.5.1 size_t asn1_length(chunk_t *blob) { u_char n; @@ -471,12 +463,22 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private) { case ASN1_OID: oid = asn1_known_oid(object); - if (oid != OID_UNKNOWN) + if (oid == OID_UNKNOWN) + { + char *oid_str = asn1_oid_to_string(object); + + if (!oid_str) + { + break; + } + DBG2(DBG_LIB, " %s", oid_str); + free(oid_str); + } + else { DBG2(DBG_LIB, " '%s'", oid_names[oid].name); - return; } - break; + return; case ASN1_UTF8STRING: case ASN1_IA5STRING: case ASN1_PRINTABLESTRING: diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h index 70411c999..05a060827 100644 --- a/src/libstrongswan/asn1/asn1.h +++ b/src/libstrongswan/asn1/asn1.h 
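Review bot: The closing `return (val == 0) ? strdup(buf) : NULL;` in asn1_oid_to_string does not catch every truncated encoding. A trailing 0x80 byte has the continuation bit set but adds no value bits, so `val` stays 0 and the incomplete OID is returned as if it were complete. The accumulator `val = (val << 7) + ...` also wraps silently once an arc carries more bits than `u_int` holds, so the printed arc can differ from the encoded one. The asn1_debug_simple_object hunk now passes unknown OIDs from parsed objects into this function, so both cases are presumably reachable from externally supplied data, although only in debug output as far as this page shows. I would track the continuation state explicitly and reject oversized arcs, as sketched below; the function's opening lines are outside the hunk.

```c
	bool pending = FALSE;	/* TRUE while inside a multi-byte arc */

	while (oid.len)
	{
		if (val >> (sizeof(val) * 8 - 7))
		{	/* the next shift would drop high bits of this arc */
			return NULL;
		}
		val = (val << 7) + (u_int)(oid.ptr[0] & 0x7f);
		pending = oid.ptr[0] >= 128;

		if (!pending)
		{
			/* … unchanged: snprintf of ".%u", length check, pos += len, val = 0 … */
		}
		oid = chunk_skip(oid, 1);
	}
	return pending ? NULL : strdup(buf);
```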
@@ -115,8 +115,6 @@ int asn1_known_oid(chunk_t object); chunk_t asn1_build_known_oid(int n); /** -<<<<<<< HEAD -======= * Convert human readable OID to ASN.1 DER encoding, without OID header. * * @param str OID string (e.g. 1.2.345.67.8) @@ -133,7 +131,6 @@ chunk_t asn1_oid_from_string(char *str); char* asn1_oid_to_string(chunk_t oid); /** ->>>>>>> upstream/4.5.1 * Returns the length of an ASN.1 object * The blob pointer is advanced past the tag length fields * diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c index fe02690d9..2a7a38a52 100644 --- a/src/libstrongswan/asn1/asn1_parser.c +++ b/src/libstrongswan/asn1/asn1_parser.c @@ -78,15 +78,8 @@ struct private_asn1_parser_t { chunk_t blobs[ASN1_MAX_LEVEL + 2]; }; -<<<<<<< HEAD -/** - * Implementation of asn1_parser_t.iterate - */ -static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) -======= METHOD(asn1_parser_t, iterate, bool, private_asn1_parser_t *this, int *objectID, chunk_t *object) ->>>>>>> upstream/4.5.1 { chunk_t *blob, *blob1; u_char *start_ptr; 
@@ -239,68 +232,33 @@ end: return this->success; } -<<<<<<< HEAD -/** - * Implementation of asn1_parser_t.get_level - */ -static u_int get_level(private_asn1_parser_t *this) -======= METHOD(asn1_parser_t, get_level, u_int, private_asn1_parser_t *this) ->>>>>>> upstream/4.5.1 { return this->level0 + this->objects[this->line].level; } -<<<<<<< HEAD -/** - * Implementation of asn1_parser_t.set_top_level - */ -static void set_top_level(private_asn1_parser_t *this, u_int level0) -======= METHOD(asn1_parser_t, set_top_level, void, private_asn1_parser_t *this, u_int level0) ->>>>>>> upstream/4.5.1 { this->level0 = level0; } -<<<<<<< HEAD -/** - * Implementation of asn1_parser_t.set_flags - */ -static void set_flags(private_asn1_parser_t *this, bool implicit, bool private) -======= METHOD(asn1_parser_t, set_flags, void, private_asn1_parser_t *this, bool implicit, bool private) ->>>>>>> upstream/4.5.1 { this->implicit = implicit; this->private = private; } -<<<<<<< HEAD -/** - * Implementation of asn1_parser_t.success - */ -static bool success(private_asn1_parser_t *this) -======= METHOD(asn1_parser_t, success, bool, private_asn1_parser_t *this) ->>>>>>> upstream/4.5.1 { return this->success; } -<<<<<<< HEAD -/** - * Implementation of asn1_parser_t.destroy - */ -static void destroy(private_asn1_parser_t *this) -======= METHOD(asn1_parser_t, destroy, void, private_asn1_parser_t *this) ->>>>>>> upstream/4.5.1 { free(this); } 
@@ -310,22 +268,6 @@ METHOD(asn1_parser_t, destroy, void, */ asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, chunk_t blob) { -<<<<<<< HEAD - private_asn1_parser_t *this = malloc_thing(private_asn1_parser_t); - - memset(this, '\0', sizeof(private_asn1_parser_t)); - this->objects = objects; - this->blobs[0] = blob; - this->line = -1; - this->success = TRUE; - - this->public.iterate = (bool (*)(asn1_parser_t*, int*, chunk_t*))iterate; - this->public.get_level = (u_int (*)(asn1_parser_t*))get_level; - this->public.set_top_level = (void (*)(asn1_parser_t*, u_int))set_top_level; - this->public.set_flags = (void (*)(asn1_parser_t*, bool, bool))set_flags; - this->public.success = (bool (*)(asn1_parser_t*))success; - this->public.destroy = (void (*)(asn1_parser_t*))destroy; -======= private_asn1_parser_t *this; INIT(this, @@ -342,7 +284,6 @@ asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, chunk_t blob) .line = -1, .success = TRUE, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c index b823d6189..6af088fd2 100644 --- a/src/libstrongswan/asn1/oid.c +++ b/src/libstrongswan/asn1/oid.c 
@@ -10,364 +10,6 @@ #include "oid.h" const oid_t oid_names[] = { -<<<<<<< HEAD - {0x02, 7, 1, 0, "ITU-T Administration" }, /* 0 */ - { 0x82, 0, 1, 1, "" }, /* 1 */ - { 0x06, 0, 1, 2, "Germany ITU-T member" }, /* 2 */ - { 0x01, 0, 1, 3, "Deutsche Telekom AG" }, /* 3 */ - { 0x0A, 0, 1, 4, "" }, /* 4 */ - { 0x07, 0, 1, 5, "" }, /* 5 */ - { 0x14, 0, 0, 6, "ND" }, /* 6 */ - {0x09, 18, 1, 0, "data" }, /* 7 */ - { 0x92, 0, 1, 1, "" }, /* 8 */ - { 0x26, 0, 1, 2, "" }, /* 9 */ - { 0x89, 0, 1, 3, "" }, /* 10 */ - { 0x93, 0, 1, 4, "" }, /* 11 */ - { 0xF2, 0, 1, 5, "" }, /* 12 */ - { 0x2C, 0, 1, 6, "" }, /* 13 */ - { 0x64, 0, 1, 7, "pilot" }, /* 14 */ - { 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */ - { 0x01, 17, 0, 9, "UID" }, /* 16 */ - { 0x19, 0, 0, 9, "DC" }, /* 17 */ - {0x55, 64, 1, 0, "X.500" }, /* 18 */ - { 0x04, 36, 1, 1, "X.509" }, /* 19 */ - { 0x03, 21, 0, 2, "CN" }, /* 20 */ - { 0x04, 22, 0, 2, "S" }, /* 21 */ - { 0x05, 23, 0, 2, "SN" }, /* 22 */ - { 0x06, 24, 0, 2, "C" }, /* 23 */ - { 0x07, 25, 0, 2, "L" }, /* 24 */ - { 0x08, 26, 0, 2, "ST" }, /* 25 */ - { 0x0A, 27, 0, 2, "O" }, /* 26 */ - { 0x0B, 28, 0, 2, "OU" }, /* 27 */ - { 0x0C, 29, 0, 2, "T" }, /* 28 */ - { 0x0D, 30, 0, 2, "D" }, /* 29 */ - { 0x24, 31, 0, 2, "userCertificate" }, /* 30 */ - { 0x29, 32, 0, 2, "N" }, /* 31 */ - { 0x2A, 33, 0, 2, "G" }, /* 32 */ - { 0x2B, 34, 0, 2, "I" }, /* 33 */ - { 0x2D, 35, 0, 2, "ID" }, /* 34 */ - { 0x48, 0, 0, 2, "role" }, /* 35 */ - { 0x1D, 0, 1, 1, "id-ce" }, /* 36 */ - { 0x09, 38, 0, 2, "subjectDirectoryAttrs" }, /* 37 */ - { 0x0E, 39, 0, 2, "subjectKeyIdentifier" }, /* 38 */ - { 0x0F, 40, 0, 2, "keyUsage" }, /* 39 */ - { 0x10, 41, 0, 2, "privateKeyUsagePeriod" }, /* 40 */ - { 0x11, 42, 0, 2, "subjectAltName" }, /* 41 */ - { 0x12, 43, 0, 2, "issuerAltName" }, /* 42 */ - { 0x13, 44, 0, 2, "basicConstraints" }, /* 43 */ - { 0x14, 45, 0, 2, "crlNumber" }, /* 44 */ - { 0x15, 46, 0, 2, "reasonCode" }, /* 45 */ - { 0x17, 47, 0, 2, "holdInstructionCode" }, /* 46 */ - { 0x18, 
48, 0, 2, "invalidityDate" }, /* 47 */ - { 0x1B, 49, 0, 2, "deltaCrlIndicator" }, /* 48 */ - { 0x1C, 50, 0, 2, "issuingDistributionPoint" }, /* 49 */ - { 0x1D, 51, 0, 2, "certificateIssuer" }, /* 50 */ - { 0x1E, 52, 0, 2, "nameConstraints" }, /* 51 */ - { 0x1F, 53, 0, 2, "crlDistributionPoints" }, /* 52 */ - { 0x20, 55, 1, 2, "certificatePolicies" }, /* 53 */ - { 0x00, 0, 0, 3, "anyPolicy" }, /* 54 */ - { 0x21, 56, 0, 2, "policyMappings" }, /* 55 */ - { 0x23, 57, 0, 2, "authorityKeyIdentifier" }, /* 56 */ - { 0x24, 58, 0, 2, "policyConstraints" }, /* 57 */ - { 0x25, 60, 1, 2, "extendedKeyUsage" }, /* 58 */ - { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 59 */ - { 0x2E, 61, 0, 2, "freshestCRL" }, /* 60 */ - { 0x36, 62, 0, 2, "inhibitAnyPolicy" }, /* 61 */ - { 0x37, 63, 0, 2, "targetInformation" }, /* 62 */ - { 0x38, 0, 0, 2, "noRevAvail" }, /* 63 */ - {0x2A, 161, 1, 0, "" }, /* 64 */ - { 0x83, 77, 1, 1, "" }, /* 65 */ - { 0x08, 0, 1, 2, "jp" }, /* 66 */ - { 0x8C, 0, 1, 3, "" }, /* 67 */ - { 0x9A, 0, 1, 4, "" }, /* 68 */ - { 0x4B, 0, 1, 5, "" }, /* 69 */ - { 0x3D, 0, 1, 6, "" }, /* 70 */ - { 0x01, 0, 1, 7, "security" }, /* 71 */ - { 0x01, 0, 1, 8, "algorithm" }, /* 72 */ - { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 73 */ - { 0x02, 75, 0, 10, "camellia128-cbc" }, /* 74 */ - { 0x03, 76, 0, 10, "camellia192-cbc" }, /* 75 */ - { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 76 */ - { 0x86, 0, 1, 1, "" }, /* 77 */ - { 0x48, 0, 1, 2, "us" }, /* 78 */ - { 0x86, 120, 1, 3, "" }, /* 79 */ - { 0xF6, 85, 1, 4, "" }, /* 80 */ - { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 81 */ - { 0x07, 0, 1, 6, "Entrust" }, /* 82 */ - { 0x41, 0, 1, 7, "nsn-ce" }, /* 83 */ - { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 84 */ - { 0xF7, 0, 1, 4, "" }, /* 85 */ - { 0x0D, 0, 1, 5, "RSADSI" }, /* 86 */ - { 0x01, 115, 1, 6, "PKCS" }, /* 87 */ - { 0x01, 97, 1, 7, "PKCS-1" }, /* 88 */ - { 0x01, 90, 0, 8, "rsaEncryption" }, /* 89 */ - { 0x02, 91, 0, 8, "md2WithRSAEncryption" }, /* 90 */ - { 0x04, 92, 0, 8, 
"md5WithRSAEncryption" }, /* 91 */ - { 0x05, 93, 0, 8, "sha-1WithRSAEncryption" }, /* 92 */ - { 0x0B, 94, 0, 8, "sha256WithRSAEncryption" }, /* 93 */ - { 0x0C, 95, 0, 8, "sha384WithRSAEncryption" }, /* 94 */ - { 0x0D, 96, 0, 8, "sha512WithRSAEncryption" }, /* 95 */ - { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 96 */ - { 0x07, 104, 1, 7, "PKCS-7" }, /* 97 */ - { 0x01, 99, 0, 8, "data" }, /* 98 */ - { 0x02, 100, 0, 8, "signedData" }, /* 99 */ - { 0x03, 101, 0, 8, "envelopedData" }, /* 100 */ - { 0x04, 102, 0, 8, "signedAndEnvelopedData" }, /* 101 */ - { 0x05, 103, 0, 8, "digestedData" }, /* 102 */ - { 0x06, 0, 0, 8, "encryptedData" }, /* 103 */ - { 0x09, 0, 1, 7, "PKCS-9" }, /* 104 */ - { 0x01, 106, 0, 8, "E" }, /* 105 */ - { 0x02, 107, 0, 8, "unstructuredName" }, /* 106 */ - { 0x03, 108, 0, 8, "contentType" }, /* 107 */ - { 0x04, 109, 0, 8, "messageDigest" }, /* 108 */ - { 0x05, 110, 0, 8, "signingTime" }, /* 109 */ - { 0x06, 111, 0, 8, "counterSignature" }, /* 110 */ - { 0x07, 112, 0, 8, "challengePassword" }, /* 111 */ - { 0x08, 113, 0, 8, "unstructuredAddress" }, /* 112 */ - { 0x0E, 114, 0, 8, "extensionRequest" }, /* 113 */ - { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 114 */ - { 0x02, 118, 1, 6, "digestAlgorithm" }, /* 115 */ - { 0x02, 117, 0, 7, "md2" }, /* 116 */ - { 0x05, 0, 0, 7, "md5" }, /* 117 */ - { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 118 */ - { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 119 */ - { 0xCE, 0, 1, 3, "" }, /* 120 */ - { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 121 */ - { 0x02, 124, 1, 5, "id-publicKeyType" }, /* 122 */ - { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 123 */ - { 0x03, 154, 1, 5, "ellipticCurve" }, /* 124 */ - { 0x00, 146, 1, 6, "c-TwoCurve" }, /* 125 */ - { 0x01, 127, 0, 7, "c2pnb163v1" }, /* 126 */ - { 0x02, 128, 0, 7, "c2pnb163v2" }, /* 127 */ - { 0x03, 129, 0, 7, "c2pnb163v3" }, /* 128 */ - { 0x04, 130, 0, 7, "c2pnb176w1" }, /* 129 */ - { 0x05, 131, 0, 7, "c2tnb191v1" }, /* 130 */ - { 0x06, 132, 0, 7, "c2tnb191v2" }, /* 131 */ - { 
0x07, 133, 0, 7, "c2tnb191v3" }, /* 132 */ - { 0x08, 134, 0, 7, "c2onb191v4" }, /* 133 */ - { 0x09, 135, 0, 7, "c2onb191v5" }, /* 134 */ - { 0x0A, 136, 0, 7, "c2pnb208w1" }, /* 135 */ - { 0x0B, 137, 0, 7, "c2tnb239v1" }, /* 136 */ - { 0x0C, 138, 0, 7, "c2tnb239v2" }, /* 137 */ - { 0x0D, 139, 0, 7, "c2tnb239v3" }, /* 138 */ - { 0x0E, 140, 0, 7, "c2onb239v4" }, /* 139 */ - { 0x0F, 141, 0, 7, "c2onb239v5" }, /* 140 */ - { 0x10, 142, 0, 7, "c2pnb272w1" }, /* 141 */ - { 0x11, 143, 0, 7, "c2pnb304w1" }, /* 142 */ - { 0x12, 144, 0, 7, "c2tnb359v1" }, /* 143 */ - { 0x13, 145, 0, 7, "c2pnb368w1" }, /* 144 */ - { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 145 */ - { 0x01, 0, 1, 6, "primeCurve" }, /* 146 */ - { 0x01, 148, 0, 7, "prime192v1" }, /* 147 */ - { 0x02, 149, 0, 7, "prime192v2" }, /* 148 */ - { 0x03, 150, 0, 7, "prime192v3" }, /* 149 */ - { 0x04, 151, 0, 7, "prime239v1" }, /* 150 */ - { 0x05, 152, 0, 7, "prime239v2" }, /* 151 */ - { 0x06, 153, 0, 7, "prime239v3" }, /* 152 */ - { 0x07, 0, 0, 7, "prime256v1" }, /* 153 */ - { 0x04, 0, 1, 5, "id-ecSigType" }, /* 154 */ - { 0x01, 156, 0, 6, "ecdsa-with-SHA1" }, /* 155 */ - { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 156 */ - { 0x01, 158, 0, 7, "ecdsa-with-SHA224" }, /* 157 */ - { 0x02, 159, 0, 7, "ecdsa-with-SHA256" }, /* 158 */ - { 0x03, 160, 0, 7, "ecdsa-with-SHA384" }, /* 159 */ - { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 160 */ - {0x2B, 309, 1, 0, "" }, /* 161 */ - { 0x06, 223, 1, 1, "dod" }, /* 162 */ - { 0x01, 0, 1, 2, "internet" }, /* 163 */ - { 0x04, 183, 1, 3, "private" }, /* 164 */ - { 0x01, 0, 1, 4, "enterprise" }, /* 165 */ - { 0x82, 176, 1, 5, "" }, /* 166 */ - { 0x37, 0, 1, 6, "Microsoft" }, /* 167 */ - { 0x0A, 172, 1, 7, "" }, /* 168 */ - { 0x03, 0, 1, 8, "" }, /* 169 */ - { 0x03, 171, 0, 9, "msSGC" }, /* 170 */ - { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 171 */ - { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 172 */ - { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 173 */ - { 0x02, 175, 0, 9, 
"msSmartcardLogon" }, /* 174 */ - { 0x03, 0, 0, 9, "msUPN" }, /* 175 */ - { 0x89, 0, 1, 5, "" }, /* 176 */ - { 0x31, 0, 1, 6, "" }, /* 177 */ - { 0x01, 0, 1, 7, "" }, /* 178 */ - { 0x01, 0, 1, 8, "" }, /* 179 */ - { 0x02, 0, 1, 9, "" }, /* 180 */ - { 0x02, 182, 0, 10, "" }, /* 181 */ - { 0x4B, 0, 0, 10, "TCGID" }, /* 182 */ - { 0x05, 0, 1, 3, "security" }, /* 183 */ - { 0x05, 0, 1, 4, "mechanisms" }, /* 184 */ - { 0x07, 0, 1, 5, "id-pkix" }, /* 185 */ - { 0x01, 190, 1, 6, "id-pe" }, /* 186 */ - { 0x01, 188, 0, 7, "authorityInfoAccess" }, /* 187 */ - { 0x03, 189, 0, 7, "qcStatements" }, /* 188 */ - { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 189 */ - { 0x02, 193, 1, 6, "id-qt" }, /* 190 */ - { 0x01, 192, 0, 7, "cps" }, /* 191 */ - { 0x02, 0, 0, 7, "unotice" }, /* 192 */ - { 0x03, 203, 1, 6, "id-kp" }, /* 193 */ - { 0x01, 195, 0, 7, "serverAuth" }, /* 194 */ - { 0x02, 196, 0, 7, "clientAuth" }, /* 195 */ - { 0x03, 197, 0, 7, "codeSigning" }, /* 196 */ - { 0x04, 198, 0, 7, "emailProtection" }, /* 197 */ - { 0x05, 199, 0, 7, "ipsecEndSystem" }, /* 198 */ - { 0x06, 200, 0, 7, "ipsecTunnel" }, /* 199 */ - { 0x07, 201, 0, 7, "ipsecUser" }, /* 200 */ - { 0x08, 202, 0, 7, "timeStamping" }, /* 201 */ - { 0x09, 0, 0, 7, "ocspSigning" }, /* 202 */ - { 0x08, 205, 1, 6, "id-otherNames" }, /* 203 */ - { 0x05, 0, 0, 7, "xmppAddr" }, /* 204 */ - { 0x0A, 210, 1, 6, "id-aca" }, /* 205 */ - { 0x01, 207, 0, 7, "authenticationInfo" }, /* 206 */ - { 0x02, 208, 0, 7, "accessIdentity" }, /* 207 */ - { 0x03, 209, 0, 7, "chargingIdentity" }, /* 208 */ - { 0x04, 0, 0, 7, "group" }, /* 209 */ - { 0x0B, 211, 0, 6, "subjectInfoAccess" }, /* 210 */ - { 0x30, 0, 1, 6, "id-ad" }, /* 211 */ - { 0x01, 220, 1, 7, "ocsp" }, /* 212 */ - { 0x01, 214, 0, 8, "basic" }, /* 213 */ - { 0x02, 215, 0, 8, "nonce" }, /* 214 */ - { 0x03, 216, 0, 8, "crl" }, /* 215 */ - { 0x04, 217, 0, 8, "response" }, /* 216 */ - { 0x05, 218, 0, 8, "noCheck" }, /* 217 */ - { 0x06, 219, 0, 8, "archiveCutoff" }, /* 218 */ - { 0x07, 0, 0, 
8, "serviceLocator" }, /* 219 */ - { 0x02, 221, 0, 7, "caIssuers" }, /* 220 */ - { 0x03, 222, 0, 7, "timeStamping" }, /* 221 */ - { 0x05, 0, 0, 7, "caRepository" }, /* 222 */ - { 0x0E, 229, 1, 1, "oiw" }, /* 223 */ - { 0x03, 0, 1, 2, "secsig" }, /* 224 */ - { 0x02, 0, 1, 3, "algorithms" }, /* 225 */ - { 0x07, 227, 0, 4, "des-cbc" }, /* 226 */ - { 0x1A, 228, 0, 4, "sha-1" }, /* 227 */ - { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 228 */ - { 0x24, 275, 1, 1, "TeleTrusT" }, /* 229 */ - { 0x03, 0, 1, 2, "algorithm" }, /* 230 */ - { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 231 */ - { 0x01, 236, 1, 4, "rsaSignature" }, /* 232 */ - { 0x02, 234, 0, 5, "rsaSigWithripemd160" }, /* 233 */ - { 0x03, 235, 0, 5, "rsaSigWithripemd128" }, /* 234 */ - { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 235 */ - { 0x02, 0, 1, 4, "ecSign" }, /* 236 */ - { 0x01, 238, 0, 5, "ecSignWithsha1" }, /* 237 */ - { 0x02, 239, 0, 5, "ecSignWithripemd160" }, /* 238 */ - { 0x03, 240, 0, 5, "ecSignWithmd2" }, /* 239 */ - { 0x04, 241, 0, 5, "ecSignWithmd5" }, /* 240 */ - { 0x05, 258, 1, 5, "ttt-ecg" }, /* 241 */ - { 0x01, 246, 1, 6, "fieldType" }, /* 242 */ - { 0x01, 0, 1, 7, "characteristictwoField" }, /* 243 */ - { 0x01, 0, 1, 8, "basisType" }, /* 244 */ - { 0x01, 0, 0, 9, "ipBasis" }, /* 245 */ - { 0x02, 248, 1, 6, "keyType" }, /* 246 */ - { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 247 */ - { 0x03, 249, 0, 6, "curve" }, /* 248 */ - { 0x04, 256, 1, 6, "signatures" }, /* 249 */ - { 0x01, 251, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 250 */ - { 0x02, 252, 0, 7, "ecgdsa-with-SHA1" }, /* 251 */ - { 0x03, 253, 0, 7, "ecgdsa-with-SHA224" }, /* 252 */ - { 0x04, 254, 0, 7, "ecgdsa-with-SHA256" }, /* 253 */ - { 0x05, 255, 0, 7, "ecgdsa-with-SHA384" }, /* 254 */ - { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 255 */ - { 0x05, 0, 1, 6, "module" }, /* 256 */ - { 0x01, 0, 0, 7, "1" }, /* 257 */ - { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 258 */ - { 0x01, 0, 1, 6, "ellipticCurve" }, /* 259 */ - { 0x01, 0, 1, 7, 
"versionOne" }, /* 260 */ - { 0x01, 262, 0, 8, "brainpoolP160r1" }, /* 261 */ - { 0x02, 263, 0, 8, "brainpoolP160t1" }, /* 262 */ - { 0x03, 264, 0, 8, "brainpoolP192r1" }, /* 263 */ - { 0x04, 265, 0, 8, "brainpoolP192t1" }, /* 264 */ - { 0x05, 266, 0, 8, "brainpoolP224r1" }, /* 265 */ - { 0x06, 267, 0, 8, "brainpoolP224t1" }, /* 266 */ - { 0x07, 268, 0, 8, "brainpoolP256r1" }, /* 267 */ - { 0x08, 269, 0, 8, "brainpoolP256t1" }, /* 268 */ - { 0x09, 270, 0, 8, "brainpoolP320r1" }, /* 269 */ - { 0x0A, 271, 0, 8, "brainpoolP320t1" }, /* 270 */ - { 0x0B, 272, 0, 8, "brainpoolP384r1" }, /* 271 */ - { 0x0C, 273, 0, 8, "brainpoolP384t1" }, /* 272 */ - { 0x0D, 274, 0, 8, "brainpoolP512r1" }, /* 273 */ - { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 274 */ - { 0x81, 0, 1, 1, "" }, /* 275 */ - { 0x04, 0, 1, 2, "Certicom" }, /* 276 */ - { 0x00, 0, 1, 3, "curve" }, /* 277 */ - { 0x01, 279, 0, 4, "sect163k1" }, /* 278 */ - { 0x02, 280, 0, 4, "sect163r1" }, /* 279 */ - { 0x03, 281, 0, 4, "sect239k1" }, /* 280 */ - { 0x04, 282, 0, 4, "sect113r1" }, /* 281 */ - { 0x05, 283, 0, 4, "sect113r2" }, /* 282 */ - { 0x06, 284, 0, 4, "secp112r1" }, /* 283 */ - { 0x07, 285, 0, 4, "secp112r2" }, /* 284 */ - { 0x08, 286, 0, 4, "secp160r1" }, /* 285 */ - { 0x09, 287, 0, 4, "secp160k1" }, /* 286 */ - { 0x0A, 288, 0, 4, "secp256k1" }, /* 287 */ - { 0x0F, 289, 0, 4, "sect163r2" }, /* 288 */ - { 0x10, 290, 0, 4, "sect283k1" }, /* 289 */ - { 0x11, 291, 0, 4, "sect283r1" }, /* 290 */ - { 0x16, 292, 0, 4, "sect131r1" }, /* 291 */ - { 0x17, 293, 0, 4, "sect131r2" }, /* 292 */ - { 0x18, 294, 0, 4, "sect193r1" }, /* 293 */ - { 0x19, 295, 0, 4, "sect193r2" }, /* 294 */ - { 0x1A, 296, 0, 4, "sect233k1" }, /* 295 */ - { 0x1B, 297, 0, 4, "sect233r1" }, /* 296 */ - { 0x1C, 298, 0, 4, "secp128r1" }, /* 297 */ - { 0x1D, 299, 0, 4, "secp128r2" }, /* 298 */ - { 0x1E, 300, 0, 4, "secp160r2" }, /* 299 */ - { 0x1F, 301, 0, 4, "secp192k1" }, /* 300 */ - { 0x20, 302, 0, 4, "secp224k1" }, /* 301 */ - { 0x21, 303, 0, 4, 
"secp224r1" }, /* 302 */ - { 0x22, 304, 0, 4, "secp384r1" }, /* 303 */ - { 0x23, 305, 0, 4, "secp521r1" }, /* 304 */ - { 0x24, 306, 0, 4, "sect409k1" }, /* 305 */ - { 0x25, 307, 0, 4, "sect409r1" }, /* 306 */ - { 0x26, 308, 0, 4, "sect571k1" }, /* 307 */ - { 0x27, 0, 0, 4, "sect571r1" }, /* 308 */ - {0x60, 0, 1, 0, "" }, /* 309 */ - { 0x86, 0, 1, 1, "" }, /* 310 */ - { 0x48, 0, 1, 2, "" }, /* 311 */ - { 0x01, 0, 1, 3, "organization" }, /* 312 */ - { 0x65, 331, 1, 4, "gov" }, /* 313 */ - { 0x03, 0, 1, 5, "csor" }, /* 314 */ - { 0x04, 0, 1, 6, "nistalgorithm" }, /* 315 */ - { 0x01, 326, 1, 7, "aes" }, /* 316 */ - { 0x02, 318, 0, 8, "id-aes128-CBC" }, /* 317 */ - { 0x06, 319, 0, 8, "id-aes128-GCM" }, /* 318 */ - { 0x07, 320, 0, 8, "id-aes128-CCM" }, /* 319 */ - { 0x16, 321, 0, 8, "id-aes192-CBC" }, /* 320 */ - { 0x1A, 322, 0, 8, "id-aes192-GCM" }, /* 321 */ - { 0x1B, 323, 0, 8, "id-aes192-CCM" }, /* 322 */ - { 0x2A, 324, 0, 8, "id-aes256-CBC" }, /* 323 */ - { 0x2E, 325, 0, 8, "id-aes256-GCM" }, /* 324 */ - { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 325 */ - { 0x02, 0, 1, 7, "hashalgs" }, /* 326 */ - { 0x01, 328, 0, 8, "id-SHA-256" }, /* 327 */ - { 0x02, 329, 0, 8, "id-SHA-384" }, /* 328 */ - { 0x03, 330, 0, 8, "id-SHA-512" }, /* 329 */ - { 0x04, 0, 0, 8, "id-SHA-224" }, /* 330 */ - { 0x86, 0, 1, 4, "" }, /* 331 */ - { 0xf8, 0, 1, 5, "" }, /* 332 */ - { 0x42, 345, 1, 6, "netscape" }, /* 333 */ - { 0x01, 340, 1, 7, "" }, /* 334 */ - { 0x01, 336, 0, 8, "nsCertType" }, /* 335 */ - { 0x03, 337, 0, 8, "nsRevocationUrl" }, /* 336 */ - { 0x04, 338, 0, 8, "nsCaRevocationUrl" }, /* 337 */ - { 0x08, 339, 0, 8, "nsCaPolicyUrl" }, /* 338 */ - { 0x0d, 0, 0, 8, "nsComment" }, /* 339 */ - { 0x03, 343, 1, 7, "directory" }, /* 340 */ - { 0x01, 0, 1, 8, "" }, /* 341 */ - { 0x03, 0, 0, 9, "employeeNumber" }, /* 342 */ - { 0x04, 0, 1, 7, "policy" }, /* 343 */ - { 0x01, 0, 0, 8, "nsSGC" }, /* 344 */ - { 0x45, 0, 1, 6, "verisign" }, /* 345 */ - { 0x01, 0, 1, 7, "pki" }, /* 346 */ - { 0x09, 0, 
1, 8, "attributes" }, /* 347 */ - { 0x02, 349, 0, 9, "messageType" }, /* 348 */ - { 0x03, 350, 0, 9, "pkiStatus" }, /* 349 */ - { 0x04, 351, 0, 9, "failInfo" }, /* 350 */ - { 0x05, 352, 0, 9, "senderNonce" }, /* 351 */ - { 0x06, 353, 0, 9, "recipientNonce" }, /* 352 */ - { 0x07, 354, 0, 9, "transID" }, /* 353 */ - { 0x08, 355, 0, 9, "extensionReq" }, /* 354 */ - { 0x08, 0, 0, 9, "extensionReq" } /* 355 */ -======= {0x02, 7, 1, 0, "ITU-T Administration" }, /* 0 */ { 0x82, 0, 1, 1, "" }, /* 1 */ { 0x06, 0, 1, 2, "Germany ITU-T member" }, /* 2 */ @@ -432,7 +74,7 @@ const oid_t oid_names[] = { { 0x36, 62, 0, 2, "inhibitAnyPolicy" }, /* 61 */ { 0x37, 63, 0, 2, "targetInformation" }, /* 62 */ { 0x38, 0, 0, 2, "noRevAvail" }, /* 63 */ - {0x2A, 161, 1, 0, "" }, /* 64 */ + {0x2A, 163, 1, 0, "" }, /* 64 */ { 0x83, 77, 1, 1, "" }, /* 65 */ { 0x08, 0, 1, 2, "jp" }, /* 66 */ { 0x8C, 0, 1, 3, "" }, /* 67 */ @@ -447,7 +89,7 @@ const oid_t oid_names[] = { { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 76 */ { 0x86, 0, 1, 1, "" }, /* 77 */ { 0x48, 0, 1, 2, "us" }, /* 78 */ - { 0x86, 120, 1, 3, "" }, /* 79 */ + { 0x86, 122, 1, 3, "" }, /* 79 */ { 0xF6, 85, 1, 4, "" }, /* 80 */ { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 81 */ { 0x07, 0, 1, 6, "Entrust" }, /* 82 */ 
@@ -455,277 +97,285 @@ const oid_t oid_names[] = { { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 84 */ { 0xF7, 0, 1, 4, "" }, /* 85 */ { 0x0D, 0, 1, 5, "RSADSI" }, /* 86 */ - { 0x01, 115, 1, 6, "PKCS" }, /* 87 */ - { 0x01, 97, 1, 7, "PKCS-1" }, /* 88 */ + { 0x01, 117, 1, 6, "PKCS" }, /* 87 */ + { 0x01, 99, 1, 7, "PKCS-1" }, /* 88 */ { 0x01, 90, 0, 8, "rsaEncryption" }, /* 89 */ { 0x02, 91, 0, 8, "md2WithRSAEncryption" }, /* 90 */ { 0x04, 92, 0, 8, "md5WithRSAEncryption" }, /* 91 */ { 0x05, 93, 0, 8, "sha-1WithRSAEncryption" }, /* 92 */ - { 0x0B, 94, 0, 8, "sha256WithRSAEncryption" }, /* 93 */ - { 0x0C, 95, 0, 8, "sha384WithRSAEncryption" }, /* 94 */ - { 0x0D, 96, 0, 8, "sha512WithRSAEncryption" }, /* 95 */ - { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 96 */ - { 0x07, 104, 1, 7, "PKCS-7" }, /* 97 */ - { 0x01, 99, 0, 8, "data" }, /* 98 */ - { 0x02, 100, 0, 8, "signedData" }, /* 99 */ - { 0x03, 101, 0, 8, "envelopedData" }, /* 100 */ - { 0x04, 102, 0, 8, "signedAndEnvelopedData" }, /* 101 */ - { 0x05, 103, 0, 8, "digestedData" }, /* 102 */ - { 0x06, 0, 0, 8, "encryptedData" }, /* 103 */ - { 0x09, 0, 1, 7, "PKCS-9" }, /* 104 */ - { 0x01, 106, 0, 8, "E" }, /* 105 */ - { 0x02, 107, 0, 8, "unstructuredName" }, /* 106 */ - { 0x03, 108, 0, 8, "contentType" }, /* 107 */ - { 0x04, 109, 0, 8, "messageDigest" }, /* 108 */ - { 0x05, 110, 0, 8, "signingTime" }, /* 109 */ - { 0x06, 111, 0, 8, "counterSignature" }, /* 110 */ - { 0x07, 112, 0, 8, "challengePassword" }, /* 111 */ - { 0x08, 113, 0, 8, "unstructuredAddress" }, /* 112 */ - { 0x0E, 114, 0, 8, "extensionRequest" }, /* 113 */ - { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 114 */ - { 0x02, 118, 1, 6, "digestAlgorithm" }, /* 115 */ - { 0x02, 117, 0, 7, "md2" }, /* 116 */ - { 0x05, 0, 0, 7, "md5" }, /* 117 */ - { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 118 */ - { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 119 */ - { 0xCE, 0, 1, 3, "" }, /* 120 */ - { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 121 */ - { 0x02, 124, 1, 5, "id-publicKeyType" 
}, /* 122 */ - { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 123 */ - { 0x03, 154, 1, 5, "ellipticCurve" }, /* 124 */ - { 0x00, 146, 1, 6, "c-TwoCurve" }, /* 125 */ - { 0x01, 127, 0, 7, "c2pnb163v1" }, /* 126 */ - { 0x02, 128, 0, 7, "c2pnb163v2" }, /* 127 */ - { 0x03, 129, 0, 7, "c2pnb163v3" }, /* 128 */ - { 0x04, 130, 0, 7, "c2pnb176w1" }, /* 129 */ - { 0x05, 131, 0, 7, "c2tnb191v1" }, /* 130 */ - { 0x06, 132, 0, 7, "c2tnb191v2" }, /* 131 */ - { 0x07, 133, 0, 7, "c2tnb191v3" }, /* 132 */ - { 0x08, 134, 0, 7, "c2onb191v4" }, /* 133 */ - { 0x09, 135, 0, 7, "c2onb191v5" }, /* 134 */ - { 0x0A, 136, 0, 7, "c2pnb208w1" }, /* 135 */ - { 0x0B, 137, 0, 7, "c2tnb239v1" }, /* 136 */ - { 0x0C, 138, 0, 7, "c2tnb239v2" }, /* 137 */ - { 0x0D, 139, 0, 7, "c2tnb239v3" }, /* 138 */ - { 0x0E, 140, 0, 7, "c2onb239v4" }, /* 139 */ - { 0x0F, 141, 0, 7, "c2onb239v5" }, /* 140 */ - { 0x10, 142, 0, 7, "c2pnb272w1" }, /* 141 */ - { 0x11, 143, 0, 7, "c2pnb304w1" }, /* 142 */ - { 0x12, 144, 0, 7, "c2tnb359v1" }, /* 143 */ - { 0x13, 145, 0, 7, "c2pnb368w1" }, /* 144 */ - { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 145 */ - { 0x01, 0, 1, 6, "primeCurve" }, /* 146 */ - { 0x01, 148, 0, 7, "prime192v1" }, /* 147 */ - { 0x02, 149, 0, 7, "prime192v2" }, /* 148 */ - { 0x03, 150, 0, 7, "prime192v3" }, /* 149 */ - { 0x04, 151, 0, 7, "prime239v1" }, /* 150 */ - { 0x05, 152, 0, 7, "prime239v2" }, /* 151 */ - { 0x06, 153, 0, 7, "prime239v3" }, /* 152 */ - { 0x07, 0, 0, 7, "prime256v1" }, /* 153 */ - { 0x04, 0, 1, 5, "id-ecSigType" }, /* 154 */ - { 0x01, 156, 0, 6, "ecdsa-with-SHA1" }, /* 155 */ - { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 156 */ - { 0x01, 158, 0, 7, "ecdsa-with-SHA224" }, /* 157 */ - { 0x02, 159, 0, 7, "ecdsa-with-SHA256" }, /* 158 */ - { 0x03, 160, 0, 7, "ecdsa-with-SHA384" }, /* 159 */ - { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 160 */ - {0x2B, 312, 1, 0, "" }, /* 161 */ - { 0x06, 226, 1, 1, "dod" }, /* 162 */ - { 0x01, 0, 1, 2, "internet" }, /* 163 */ - { 0x04, 186, 1, 3, "private" }, /* 164 */ 
- { 0x01, 0, 1, 4, "enterprise" }, /* 165 */ - { 0x82, 179, 1, 5, "" }, /* 166 */ - { 0x37, 176, 1, 6, "Microsoft" }, /* 167 */ - { 0x0A, 172, 1, 7, "" }, /* 168 */ - { 0x03, 0, 1, 8, "" }, /* 169 */ - { 0x03, 171, 0, 9, "msSGC" }, /* 170 */ - { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 171 */ - { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 172 */ - { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 173 */ - { 0x02, 175, 0, 9, "msSmartcardLogon" }, /* 174 */ - { 0x03, 0, 0, 9, "msUPN" }, /* 175 */ - { 0xA0, 0, 1, 6, "" }, /* 176 */ - { 0x2A, 0, 1, 7, "ITA" }, /* 177 */ - { 0x01, 0, 0, 8, "strongSwan" }, /* 178 */ - { 0x89, 0, 1, 5, "" }, /* 179 */ - { 0x31, 0, 1, 6, "" }, /* 180 */ - { 0x01, 0, 1, 7, "" }, /* 181 */ - { 0x01, 0, 1, 8, "" }, /* 182 */ - { 0x02, 0, 1, 9, "" }, /* 183 */ - { 0x02, 0, 1, 10, "" }, /* 184 */ - { 0x4B, 0, 0, 11, "TCGID" }, /* 185 */ - { 0x05, 0, 1, 3, "security" }, /* 186 */ - { 0x05, 0, 1, 4, "mechanisms" }, /* 187 */ - { 0x07, 0, 1, 5, "id-pkix" }, /* 188 */ - { 0x01, 193, 1, 6, "id-pe" }, /* 189 */ - { 0x01, 191, 0, 7, "authorityInfoAccess" }, /* 190 */ - { 0x03, 192, 0, 7, "qcStatements" }, /* 191 */ - { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 192 */ - { 0x02, 196, 1, 6, "id-qt" }, /* 193 */ - { 0x01, 195, 0, 7, "cps" }, /* 194 */ - { 0x02, 0, 0, 7, "unotice" }, /* 195 */ - { 0x03, 206, 1, 6, "id-kp" }, /* 196 */ - { 0x01, 198, 0, 7, "serverAuth" }, /* 197 */ - { 0x02, 199, 0, 7, "clientAuth" }, /* 198 */ - { 0x03, 200, 0, 7, "codeSigning" }, /* 199 */ - { 0x04, 201, 0, 7, "emailProtection" }, /* 200 */ - { 0x05, 202, 0, 7, "ipsecEndSystem" }, /* 201 */ - { 0x06, 203, 0, 7, "ipsecTunnel" }, /* 202 */ - { 0x07, 204, 0, 7, "ipsecUser" }, /* 203 */ - { 0x08, 205, 0, 7, "timeStamping" }, /* 204 */ - { 0x09, 0, 0, 7, "ocspSigning" }, /* 205 */ - { 0x08, 208, 1, 6, "id-otherNames" }, /* 206 */ - { 0x05, 0, 0, 7, "xmppAddr" }, /* 207 */ - { 0x0A, 213, 1, 6, "id-aca" }, /* 208 */ - { 0x01, 210, 0, 7, "authenticationInfo" }, /* 209 */ - 
{ 0x02, 211, 0, 7, "accessIdentity" }, /* 210 */ - { 0x03, 212, 0, 7, "chargingIdentity" }, /* 211 */ - { 0x04, 0, 0, 7, "group" }, /* 212 */ - { 0x0B, 214, 0, 6, "subjectInfoAccess" }, /* 213 */ - { 0x30, 0, 1, 6, "id-ad" }, /* 214 */ - { 0x01, 223, 1, 7, "ocsp" }, /* 215 */ - { 0x01, 217, 0, 8, "basic" }, /* 216 */ - { 0x02, 218, 0, 8, "nonce" }, /* 217 */ - { 0x03, 219, 0, 8, "crl" }, /* 218 */ - { 0x04, 220, 0, 8, "response" }, /* 219 */ - { 0x05, 221, 0, 8, "noCheck" }, /* 220 */ - { 0x06, 222, 0, 8, "archiveCutoff" }, /* 221 */ - { 0x07, 0, 0, 8, "serviceLocator" }, /* 222 */ - { 0x02, 224, 0, 7, "caIssuers" }, /* 223 */ - { 0x03, 225, 0, 7, "timeStamping" }, /* 224 */ - { 0x05, 0, 0, 7, "caRepository" }, /* 225 */ - { 0x0E, 232, 1, 1, "oiw" }, /* 226 */ - { 0x03, 0, 1, 2, "secsig" }, /* 227 */ - { 0x02, 0, 1, 3, "algorithms" }, /* 228 */ - { 0x07, 230, 0, 4, "des-cbc" }, /* 229 */ - { 0x1A, 231, 0, 4, "sha-1" }, /* 230 */ - { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 231 */ - { 0x24, 278, 1, 1, "TeleTrusT" }, /* 232 */ - { 0x03, 0, 1, 2, "algorithm" }, /* 233 */ - { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 234 */ - { 0x01, 239, 1, 4, "rsaSignature" }, /* 235 */ - { 0x02, 237, 0, 5, "rsaSigWithripemd160" }, /* 236 */ - { 0x03, 238, 0, 5, "rsaSigWithripemd128" }, /* 237 */ - { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 238 */ - { 0x02, 0, 1, 4, "ecSign" }, /* 239 */ - { 0x01, 241, 0, 5, "ecSignWithsha1" }, /* 240 */ - { 0x02, 242, 0, 5, "ecSignWithripemd160" }, /* 241 */ - { 0x03, 243, 0, 5, "ecSignWithmd2" }, /* 242 */ - { 0x04, 244, 0, 5, "ecSignWithmd5" }, /* 243 */ - { 0x05, 261, 1, 5, "ttt-ecg" }, /* 244 */ - { 0x01, 249, 1, 6, "fieldType" }, /* 245 */ - { 0x01, 0, 1, 7, "characteristictwoField" }, /* 246 */ - { 0x01, 0, 1, 8, "basisType" }, /* 247 */ - { 0x01, 0, 0, 9, "ipBasis" }, /* 248 */ - { 0x02, 251, 1, 6, "keyType" }, /* 249 */ - { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 250 */ - { 0x03, 252, 0, 6, "curve" }, /* 251 */ - { 0x04, 259, 1, 6, 
"signatures" }, /* 252 */ - { 0x01, 254, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 253 */ - { 0x02, 255, 0, 7, "ecgdsa-with-SHA1" }, /* 254 */ - { 0x03, 256, 0, 7, "ecgdsa-with-SHA224" }, /* 255 */ - { 0x04, 257, 0, 7, "ecgdsa-with-SHA256" }, /* 256 */ - { 0x05, 258, 0, 7, "ecgdsa-with-SHA384" }, /* 257 */ - { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 258 */ - { 0x05, 0, 1, 6, "module" }, /* 259 */ - { 0x01, 0, 0, 7, "1" }, /* 260 */ - { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 261 */ - { 0x01, 0, 1, 6, "ellipticCurve" }, /* 262 */ - { 0x01, 0, 1, 7, "versionOne" }, /* 263 */ - { 0x01, 265, 0, 8, "brainpoolP160r1" }, /* 264 */ - { 0x02, 266, 0, 8, "brainpoolP160t1" }, /* 265 */ - { 0x03, 267, 0, 8, "brainpoolP192r1" }, /* 266 */ - { 0x04, 268, 0, 8, "brainpoolP192t1" }, /* 267 */ - { 0x05, 269, 0, 8, "brainpoolP224r1" }, /* 268 */ - { 0x06, 270, 0, 8, "brainpoolP224t1" }, /* 269 */ - { 0x07, 271, 0, 8, "brainpoolP256r1" }, /* 270 */ - { 0x08, 272, 0, 8, "brainpoolP256t1" }, /* 271 */ - { 0x09, 273, 0, 8, "brainpoolP320r1" }, /* 272 */ - { 0x0A, 274, 0, 8, "brainpoolP320t1" }, /* 273 */ - { 0x0B, 275, 0, 8, "brainpoolP384r1" }, /* 274 */ - { 0x0C, 276, 0, 8, "brainpoolP384t1" }, /* 275 */ - { 0x0D, 277, 0, 8, "brainpoolP512r1" }, /* 276 */ - { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 277 */ - { 0x81, 0, 1, 1, "" }, /* 278 */ - { 0x04, 0, 1, 2, "Certicom" }, /* 279 */ - { 0x00, 0, 1, 3, "curve" }, /* 280 */ - { 0x01, 282, 0, 4, "sect163k1" }, /* 281 */ - { 0x02, 283, 0, 4, "sect163r1" }, /* 282 */ - { 0x03, 284, 0, 4, "sect239k1" }, /* 283 */ - { 0x04, 285, 0, 4, "sect113r1" }, /* 284 */ - { 0x05, 286, 0, 4, "sect113r2" }, /* 285 */ - { 0x06, 287, 0, 4, "secp112r1" }, /* 286 */ - { 0x07, 288, 0, 4, "secp112r2" }, /* 287 */ - { 0x08, 289, 0, 4, "secp160r1" }, /* 288 */ - { 0x09, 290, 0, 4, "secp160k1" }, /* 289 */ - { 0x0A, 291, 0, 4, "secp256k1" }, /* 290 */ - { 0x0F, 292, 0, 4, "sect163r2" }, /* 291 */ - { 0x10, 293, 0, 4, "sect283k1" }, /* 292 */ - { 0x11, 294, 0, 
4, "sect283r1" }, /* 293 */ - { 0x16, 295, 0, 4, "sect131r1" }, /* 294 */ - { 0x17, 296, 0, 4, "sect131r2" }, /* 295 */ - { 0x18, 297, 0, 4, "sect193r1" }, /* 296 */ - { 0x19, 298, 0, 4, "sect193r2" }, /* 297 */ - { 0x1A, 299, 0, 4, "sect233k1" }, /* 298 */ - { 0x1B, 300, 0, 4, "sect233r1" }, /* 299 */ - { 0x1C, 301, 0, 4, "secp128r1" }, /* 300 */ - { 0x1D, 302, 0, 4, "secp128r2" }, /* 301 */ - { 0x1E, 303, 0, 4, "secp160r2" }, /* 302 */ - { 0x1F, 304, 0, 4, "secp192k1" }, /* 303 */ - { 0x20, 305, 0, 4, "secp224k1" }, /* 304 */ - { 0x21, 306, 0, 4, "secp224r1" }, /* 305 */ - { 0x22, 307, 0, 4, "secp384r1" }, /* 306 */ - { 0x23, 308, 0, 4, "secp521r1" }, /* 307 */ - { 0x24, 309, 0, 4, "sect409k1" }, /* 308 */ - { 0x25, 310, 0, 4, "sect409r1" }, /* 309 */ - { 0x26, 311, 0, 4, "sect571k1" }, /* 310 */ - { 0x27, 0, 0, 4, "sect571r1" }, /* 311 */ - {0x60, 0, 1, 0, "" }, /* 312 */ - { 0x86, 0, 1, 1, "" }, /* 313 */ - { 0x48, 0, 1, 2, "" }, /* 314 */ - { 0x01, 0, 1, 3, "organization" }, /* 315 */ - { 0x65, 334, 1, 4, "gov" }, /* 316 */ - { 0x03, 0, 1, 5, "csor" }, /* 317 */ - { 0x04, 0, 1, 6, "nistalgorithm" }, /* 318 */ - { 0x01, 329, 1, 7, "aes" }, /* 319 */ - { 0x02, 321, 0, 8, "id-aes128-CBC" }, /* 320 */ - { 0x06, 322, 0, 8, "id-aes128-GCM" }, /* 321 */ - { 0x07, 323, 0, 8, "id-aes128-CCM" }, /* 322 */ - { 0x16, 324, 0, 8, "id-aes192-CBC" }, /* 323 */ - { 0x1A, 325, 0, 8, "id-aes192-GCM" }, /* 324 */ - { 0x1B, 326, 0, 8, "id-aes192-CCM" }, /* 325 */ - { 0x2A, 327, 0, 8, "id-aes256-CBC" }, /* 326 */ - { 0x2E, 328, 0, 8, "id-aes256-GCM" }, /* 327 */ - { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 328 */ - { 0x02, 0, 1, 7, "hashalgs" }, /* 329 */ - { 0x01, 331, 0, 8, "id-SHA-256" }, /* 330 */ - { 0x02, 332, 0, 8, "id-SHA-384" }, /* 331 */ - { 0x03, 333, 0, 8, "id-SHA-512" }, /* 332 */ - { 0x04, 0, 0, 8, "id-SHA-224" }, /* 333 */ - { 0x86, 0, 1, 4, "" }, /* 334 */ - { 0xf8, 0, 1, 5, "" }, /* 335 */ - { 0x42, 348, 1, 6, "netscape" }, /* 336 */ - { 0x01, 343, 1, 7, "" }, /* 337 
*/ - { 0x01, 339, 0, 8, "nsCertType" }, /* 338 */ - { 0x03, 340, 0, 8, "nsRevocationUrl" }, /* 339 */ - { 0x04, 341, 0, 8, "nsCaRevocationUrl" }, /* 340 */ - { 0x08, 342, 0, 8, "nsCaPolicyUrl" }, /* 341 */ - { 0x0d, 0, 0, 8, "nsComment" }, /* 342 */ - { 0x03, 346, 1, 7, "directory" }, /* 343 */ - { 0x01, 0, 1, 8, "" }, /* 344 */ - { 0x03, 0, 0, 9, "employeeNumber" }, /* 345 */ - { 0x04, 0, 1, 7, "policy" }, /* 346 */ - { 0x01, 0, 0, 8, "nsSGC" }, /* 347 */ - { 0x45, 0, 1, 6, "verisign" }, /* 348 */ - { 0x01, 0, 1, 7, "pki" }, /* 349 */ - { 0x09, 0, 1, 8, "attributes" }, /* 350 */ - { 0x02, 352, 0, 9, "messageType" }, /* 351 */ - { 0x03, 353, 0, 9, "pkiStatus" }, /* 352 */ - { 0x04, 354, 0, 9, "failInfo" }, /* 353 */ - { 0x05, 355, 0, 9, "senderNonce" }, /* 354 */ - { 0x06, 356, 0, 9, "recipientNonce" }, /* 355 */ - { 0x07, 357, 0, 9, "transID" }, /* 356 */ - { 0x08, 358, 0, 9, "extensionReq" }, /* 357 */ - { 0x08, 0, 0, 9, "extensionReq" } /* 358 */ ->>>>>>> upstream/4.5.1 + { 0x07, 94, 0, 8, "id-RSAES-OAEP" }, /* 93 */ + { 0x09, 95, 0, 8, "id-pSpecified" }, /* 94 */ + { 0x0B, 96, 0, 8, "sha256WithRSAEncryption" }, /* 95 */ + { 0x0C, 97, 0, 8, "sha384WithRSAEncryption" }, /* 96 */ + { 0x0D, 98, 0, 8, "sha512WithRSAEncryption" }, /* 97 */ + { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 98 */ + { 0x07, 106, 1, 7, "PKCS-7" }, /* 99 */ + { 0x01, 101, 0, 8, "data" }, /* 100 */ + { 0x02, 102, 0, 8, "signedData" }, /* 101 */ + { 0x03, 103, 0, 8, "envelopedData" }, /* 102 */ + { 0x04, 104, 0, 8, "signedAndEnvelopedData" }, /* 103 */ + { 0x05, 105, 0, 8, "digestedData" }, /* 104 */ + { 0x06, 0, 0, 8, "encryptedData" }, /* 105 */ + { 0x09, 0, 1, 7, "PKCS-9" }, /* 106 */ + { 0x01, 108, 0, 8, "E" }, /* 107 */ + { 0x02, 109, 0, 8, "unstructuredName" }, /* 108 */ + { 0x03, 110, 0, 8, "contentType" }, /* 109 */ + { 0x04, 111, 0, 8, "messageDigest" }, /* 110 */ + { 0x05, 112, 0, 8, "signingTime" }, /* 111 */ + { 0x06, 113, 0, 8, "counterSignature" }, /* 112 */ + { 0x07, 114, 0, 
8, "challengePassword" }, /* 113 */ + { 0x08, 115, 0, 8, "unstructuredAddress" }, /* 114 */ + { 0x0E, 116, 0, 8, "extensionRequest" }, /* 115 */ + { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 116 */ + { 0x02, 120, 1, 6, "digestAlgorithm" }, /* 117 */ + { 0x02, 119, 0, 7, "md2" }, /* 118 */ + { 0x05, 0, 0, 7, "md5" }, /* 119 */ + { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 120 */ + { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 121 */ + { 0xCE, 0, 1, 3, "" }, /* 122 */ + { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 123 */ + { 0x02, 126, 1, 5, "id-publicKeyType" }, /* 124 */ + { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 125 */ + { 0x03, 156, 1, 5, "ellipticCurve" }, /* 126 */ + { 0x00, 148, 1, 6, "c-TwoCurve" }, /* 127 */ + { 0x01, 129, 0, 7, "c2pnb163v1" }, /* 128 */ + { 0x02, 130, 0, 7, "c2pnb163v2" }, /* 129 */ + { 0x03, 131, 0, 7, "c2pnb163v3" }, /* 130 */ + { 0x04, 132, 0, 7, "c2pnb176w1" }, /* 131 */ + { 0x05, 133, 0, 7, "c2tnb191v1" }, /* 132 */ + { 0x06, 134, 0, 7, "c2tnb191v2" }, /* 133 */ + { 0x07, 135, 0, 7, "c2tnb191v3" }, /* 134 */ + { 0x08, 136, 0, 7, "c2onb191v4" }, /* 135 */ + { 0x09, 137, 0, 7, "c2onb191v5" }, /* 136 */ + { 0x0A, 138, 0, 7, "c2pnb208w1" }, /* 137 */ + { 0x0B, 139, 0, 7, "c2tnb239v1" }, /* 138 */ + { 0x0C, 140, 0, 7, "c2tnb239v2" }, /* 139 */ + { 0x0D, 141, 0, 7, "c2tnb239v3" }, /* 140 */ + { 0x0E, 142, 0, 7, "c2onb239v4" }, /* 141 */ + { 0x0F, 143, 0, 7, "c2onb239v5" }, /* 142 */ + { 0x10, 144, 0, 7, "c2pnb272w1" }, /* 143 */ + { 0x11, 145, 0, 7, "c2pnb304w1" }, /* 144 */ + { 0x12, 146, 0, 7, "c2tnb359v1" }, /* 145 */ + { 0x13, 147, 0, 7, "c2pnb368w1" }, /* 146 */ + { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 147 */ + { 0x01, 0, 1, 6, "primeCurve" }, /* 148 */ + { 0x01, 150, 0, 7, "prime192v1" }, /* 149 */ + { 0x02, 151, 0, 7, "prime192v2" }, /* 150 */ + { 0x03, 152, 0, 7, "prime192v3" }, /* 151 */ + { 0x04, 153, 0, 7, "prime239v1" }, /* 152 */ + { 0x05, 154, 0, 7, "prime239v2" }, /* 153 */ + { 0x06, 155, 0, 7, "prime239v3" }, /* 154 */ + { 0x07, 0, 0, 7, 
"prime256v1" }, /* 155 */ + { 0x04, 0, 1, 5, "id-ecSigType" }, /* 156 */ + { 0x01, 158, 0, 6, "ecdsa-with-SHA1" }, /* 157 */ + { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 158 */ + { 0x01, 160, 0, 7, "ecdsa-with-SHA224" }, /* 159 */ + { 0x02, 161, 0, 7, "ecdsa-with-SHA256" }, /* 160 */ + { 0x03, 162, 0, 7, "ecdsa-with-SHA384" }, /* 161 */ + { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 162 */ + {0x2B, 314, 1, 0, "" }, /* 163 */ + { 0x06, 228, 1, 1, "dod" }, /* 164 */ + { 0x01, 0, 1, 2, "internet" }, /* 165 */ + { 0x04, 188, 1, 3, "private" }, /* 166 */ + { 0x01, 0, 1, 4, "enterprise" }, /* 167 */ + { 0x82, 181, 1, 5, "" }, /* 168 */ + { 0x37, 178, 1, 6, "Microsoft" }, /* 169 */ + { 0x0A, 174, 1, 7, "" }, /* 170 */ + { 0x03, 0, 1, 8, "" }, /* 171 */ + { 0x03, 173, 0, 9, "msSGC" }, /* 172 */ + { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 173 */ + { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 174 */ + { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 175 */ + { 0x02, 177, 0, 9, "msSmartcardLogon" }, /* 176 */ + { 0x03, 0, 0, 9, "msUPN" }, /* 177 */ + { 0xA0, 0, 1, 6, "" }, /* 178 */ + { 0x2A, 0, 1, 7, "ITA" }, /* 179 */ + { 0x01, 0, 0, 8, "strongSwan" }, /* 180 */ + { 0x89, 0, 1, 5, "" }, /* 181 */ + { 0x31, 0, 1, 6, "" }, /* 182 */ + { 0x01, 0, 1, 7, "" }, /* 183 */ + { 0x01, 0, 1, 8, "" }, /* 184 */ + { 0x02, 0, 1, 9, "" }, /* 185 */ + { 0x02, 0, 1, 10, "" }, /* 186 */ + { 0x4B, 0, 0, 11, "TCGID" }, /* 187 */ + { 0x05, 0, 1, 3, "security" }, /* 188 */ + { 0x05, 0, 1, 4, "mechanisms" }, /* 189 */ + { 0x07, 0, 1, 5, "id-pkix" }, /* 190 */ + { 0x01, 195, 1, 6, "id-pe" }, /* 191 */ + { 0x01, 193, 0, 7, "authorityInfoAccess" }, /* 192 */ + { 0x03, 194, 0, 7, "qcStatements" }, /* 193 */ + { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 194 */ + { 0x02, 198, 1, 6, "id-qt" }, /* 195 */ + { 0x01, 197, 0, 7, "cps" }, /* 196 */ + { 0x02, 0, 0, 7, "unotice" }, /* 197 */ + { 0x03, 208, 1, 6, "id-kp" }, /* 198 */ + { 0x01, 200, 0, 7, "serverAuth" }, /* 199 */ + { 0x02, 201, 0, 7, 
"clientAuth" }, /* 200 */ + { 0x03, 202, 0, 7, "codeSigning" }, /* 201 */ + { 0x04, 203, 0, 7, "emailProtection" }, /* 202 */ + { 0x05, 204, 0, 7, "ipsecEndSystem" }, /* 203 */ + { 0x06, 205, 0, 7, "ipsecTunnel" }, /* 204 */ + { 0x07, 206, 0, 7, "ipsecUser" }, /* 205 */ + { 0x08, 207, 0, 7, "timeStamping" }, /* 206 */ + { 0x09, 0, 0, 7, "ocspSigning" }, /* 207 */ + { 0x08, 210, 1, 6, "id-otherNames" }, /* 208 */ + { 0x05, 0, 0, 7, "xmppAddr" }, /* 209 */ + { 0x0A, 215, 1, 6, "id-aca" }, /* 210 */ + { 0x01, 212, 0, 7, "authenticationInfo" }, /* 211 */ + { 0x02, 213, 0, 7, "accessIdentity" }, /* 212 */ + { 0x03, 214, 0, 7, "chargingIdentity" }, /* 213 */ + { 0x04, 0, 0, 7, "group" }, /* 214 */ + { 0x0B, 216, 0, 6, "subjectInfoAccess" }, /* 215 */ + { 0x30, 0, 1, 6, "id-ad" }, /* 216 */ + { 0x01, 225, 1, 7, "ocsp" }, /* 217 */ + { 0x01, 219, 0, 8, "basic" }, /* 218 */ + { 0x02, 220, 0, 8, "nonce" }, /* 219 */ + { 0x03, 221, 0, 8, "crl" }, /* 220 */ + { 0x04, 222, 0, 8, "response" }, /* 221 */ + { 0x05, 223, 0, 8, "noCheck" }, /* 222 */ + { 0x06, 224, 0, 8, "archiveCutoff" }, /* 223 */ + { 0x07, 0, 0, 8, "serviceLocator" }, /* 224 */ + { 0x02, 226, 0, 7, "caIssuers" }, /* 225 */ + { 0x03, 227, 0, 7, "timeStamping" }, /* 226 */ + { 0x05, 0, 0, 7, "caRepository" }, /* 227 */ + { 0x0E, 234, 1, 1, "oiw" }, /* 228 */ + { 0x03, 0, 1, 2, "secsig" }, /* 229 */ + { 0x02, 0, 1, 3, "algorithms" }, /* 230 */ + { 0x07, 232, 0, 4, "des-cbc" }, /* 231 */ + { 0x1A, 233, 0, 4, "sha-1" }, /* 232 */ + { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 233 */ + { 0x24, 280, 1, 1, "TeleTrusT" }, /* 234 */ + { 0x03, 0, 1, 2, "algorithm" }, /* 235 */ + { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 236 */ + { 0x01, 241, 1, 4, "rsaSignature" }, /* 237 */ + { 0x02, 239, 0, 5, "rsaSigWithripemd160" }, /* 238 */ + { 0x03, 240, 0, 5, "rsaSigWithripemd128" }, /* 239 */ + { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 240 */ + { 0x02, 0, 1, 4, "ecSign" }, /* 241 */ + { 0x01, 243, 0, 5, "ecSignWithsha1" }, 
/* 242 */ + { 0x02, 244, 0, 5, "ecSignWithripemd160" }, /* 243 */ + { 0x03, 245, 0, 5, "ecSignWithmd2" }, /* 244 */ + { 0x04, 246, 0, 5, "ecSignWithmd5" }, /* 245 */ + { 0x05, 263, 1, 5, "ttt-ecg" }, /* 246 */ + { 0x01, 251, 1, 6, "fieldType" }, /* 247 */ + { 0x01, 0, 1, 7, "characteristictwoField" }, /* 248 */ + { 0x01, 0, 1, 8, "basisType" }, /* 249 */ + { 0x01, 0, 0, 9, "ipBasis" }, /* 250 */ + { 0x02, 253, 1, 6, "keyType" }, /* 251 */ + { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 252 */ + { 0x03, 254, 0, 6, "curve" }, /* 253 */ + { 0x04, 261, 1, 6, "signatures" }, /* 254 */ + { 0x01, 256, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 255 */ + { 0x02, 257, 0, 7, "ecgdsa-with-SHA1" }, /* 256 */ + { 0x03, 258, 0, 7, "ecgdsa-with-SHA224" }, /* 257 */ + { 0x04, 259, 0, 7, "ecgdsa-with-SHA256" }, /* 258 */ + { 0x05, 260, 0, 7, "ecgdsa-with-SHA384" }, /* 259 */ + { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 260 */ + { 0x05, 0, 1, 6, "module" }, /* 261 */ + { 0x01, 0, 0, 7, "1" }, /* 262 */ + { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 263 */ + { 0x01, 0, 1, 6, "ellipticCurve" }, /* 264 */ + { 0x01, 0, 1, 7, "versionOne" }, /* 265 */ + { 0x01, 267, 0, 8, "brainpoolP160r1" }, /* 266 */ + { 0x02, 268, 0, 8, "brainpoolP160t1" }, /* 267 */ + { 0x03, 269, 0, 8, "brainpoolP192r1" }, /* 268 */ + { 0x04, 270, 0, 8, "brainpoolP192t1" }, /* 269 */ + { 0x05, 271, 0, 8, "brainpoolP224r1" }, /* 270 */ + { 0x06, 272, 0, 8, "brainpoolP224t1" }, /* 271 */ + { 0x07, 273, 0, 8, "brainpoolP256r1" }, /* 272 */ + { 0x08, 274, 0, 8, "brainpoolP256t1" }, /* 273 */ + { 0x09, 275, 0, 8, "brainpoolP320r1" }, /* 274 */ + { 0x0A, 276, 0, 8, "brainpoolP320t1" }, /* 275 */ + { 0x0B, 277, 0, 8, "brainpoolP384r1" }, /* 276 */ + { 0x0C, 278, 0, 8, "brainpoolP384t1" }, /* 277 */ + { 0x0D, 279, 0, 8, "brainpoolP512r1" }, /* 278 */ + { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 279 */ + { 0x81, 0, 1, 1, "" }, /* 280 */ + { 0x04, 0, 1, 2, "Certicom" }, /* 281 */ + { 0x00, 0, 1, 3, "curve" }, /* 282 */ + { 0x01, 284, 0, 
4, "sect163k1" }, /* 283 */ + { 0x02, 285, 0, 4, "sect163r1" }, /* 284 */ + { 0x03, 286, 0, 4, "sect239k1" }, /* 285 */ + { 0x04, 287, 0, 4, "sect113r1" }, /* 286 */ + { 0x05, 288, 0, 4, "sect113r2" }, /* 287 */ + { 0x06, 289, 0, 4, "secp112r1" }, /* 288 */ + { 0x07, 290, 0, 4, "secp112r2" }, /* 289 */ + { 0x08, 291, 0, 4, "secp160r1" }, /* 290 */ + { 0x09, 292, 0, 4, "secp160k1" }, /* 291 */ + { 0x0A, 293, 0, 4, "secp256k1" }, /* 292 */ + { 0x0F, 294, 0, 4, "sect163r2" }, /* 293 */ + { 0x10, 295, 0, 4, "sect283k1" }, /* 294 */ + { 0x11, 296, 0, 4, "sect283r1" }, /* 295 */ + { 0x16, 297, 0, 4, "sect131r1" }, /* 296 */ + { 0x17, 298, 0, 4, "sect131r2" }, /* 297 */ + { 0x18, 299, 0, 4, "sect193r1" }, /* 298 */ + { 0x19, 300, 0, 4, "sect193r2" }, /* 299 */ + { 0x1A, 301, 0, 4, "sect233k1" }, /* 300 */ + { 0x1B, 302, 0, 4, "sect233r1" }, /* 301 */ + { 0x1C, 303, 0, 4, "secp128r1" }, /* 302 */ + { 0x1D, 304, 0, 4, "secp128r2" }, /* 303 */ + { 0x1E, 305, 0, 4, "secp160r2" }, /* 304 */ + { 0x1F, 306, 0, 4, "secp192k1" }, /* 305 */ + { 0x20, 307, 0, 4, "secp224k1" }, /* 306 */ + { 0x21, 308, 0, 4, "secp224r1" }, /* 307 */ + { 0x22, 309, 0, 4, "secp384r1" }, /* 308 */ + { 0x23, 310, 0, 4, "secp521r1" }, /* 309 */ + { 0x24, 311, 0, 4, "sect409k1" }, /* 310 */ + { 0x25, 312, 0, 4, "sect409r1" }, /* 311 */ + { 0x26, 313, 0, 4, "sect571k1" }, /* 312 */ + { 0x27, 0, 0, 4, "sect571r1" }, /* 313 */ + {0x60, 360, 1, 0, "" }, /* 314 */ + { 0x86, 0, 1, 1, "" }, /* 315 */ + { 0x48, 0, 1, 2, "" }, /* 316 */ + { 0x01, 0, 1, 3, "organization" }, /* 317 */ + { 0x65, 336, 1, 4, "gov" }, /* 318 */ + { 0x03, 0, 1, 5, "csor" }, /* 319 */ + { 0x04, 0, 1, 6, "nistalgorithm" }, /* 320 */ + { 0x01, 331, 1, 7, "aes" }, /* 321 */ + { 0x02, 323, 0, 8, "id-aes128-CBC" }, /* 322 */ + { 0x06, 324, 0, 8, "id-aes128-GCM" }, /* 323 */ + { 0x07, 325, 0, 8, "id-aes128-CCM" }, /* 324 */ + { 0x16, 326, 0, 8, "id-aes192-CBC" }, /* 325 */ + { 0x1A, 327, 0, 8, "id-aes192-GCM" }, /* 326 */ + { 0x1B, 328, 0, 8, 
"id-aes192-CCM" }, /* 327 */ + { 0x2A, 329, 0, 8, "id-aes256-CBC" }, /* 328 */ + { 0x2E, 330, 0, 8, "id-aes256-GCM" }, /* 329 */ + { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 330 */ + { 0x02, 0, 1, 7, "hashalgs" }, /* 331 */ + { 0x01, 333, 0, 8, "id-SHA-256" }, /* 332 */ + { 0x02, 334, 0, 8, "id-SHA-384" }, /* 333 */ + { 0x03, 335, 0, 8, "id-SHA-512" }, /* 334 */ + { 0x04, 0, 0, 8, "id-SHA-224" }, /* 335 */ + { 0x86, 0, 1, 4, "" }, /* 336 */ + { 0xf8, 0, 1, 5, "" }, /* 337 */ + { 0x42, 350, 1, 6, "netscape" }, /* 338 */ + { 0x01, 345, 1, 7, "" }, /* 339 */ + { 0x01, 341, 0, 8, "nsCertType" }, /* 340 */ + { 0x03, 342, 0, 8, "nsRevocationUrl" }, /* 341 */ + { 0x04, 343, 0, 8, "nsCaRevocationUrl" }, /* 342 */ + { 0x08, 344, 0, 8, "nsCaPolicyUrl" }, /* 343 */ + { 0x0d, 0, 0, 8, "nsComment" }, /* 344 */ + { 0x03, 348, 1, 7, "directory" }, /* 345 */ + { 0x01, 0, 1, 8, "" }, /* 346 */ + { 0x03, 0, 0, 9, "employeeNumber" }, /* 347 */ + { 0x04, 0, 1, 7, "policy" }, /* 348 */ + { 0x01, 0, 0, 8, "nsSGC" }, /* 349 */ + { 0x45, 0, 1, 6, "verisign" }, /* 350 */ + { 0x01, 0, 1, 7, "pki" }, /* 351 */ + { 0x09, 0, 1, 8, "attributes" }, /* 352 */ + { 0x02, 354, 0, 9, "messageType" }, /* 353 */ + { 0x03, 355, 0, 9, "pkiStatus" }, /* 354 */ + { 0x04, 356, 0, 9, "failInfo" }, /* 355 */ + { 0x05, 357, 0, 9, "senderNonce" }, /* 356 */ + { 0x06, 358, 0, 9, "recipientNonce" }, /* 357 */ + { 0x07, 359, 0, 9, "transID" }, /* 358 */ + { 0x08, 0, 0, 9, "extensionReq" }, /* 359 */ + {0x67, 0, 1, 0, "" }, /* 360 */ + { 0x81, 0, 1, 1, "" }, /* 361 */ + { 0x05, 0, 1, 2, "" }, /* 362 */ + { 0x02, 0, 1, 3, "tcg-attribute" }, /* 363 */ + { 0x01, 365, 0, 4, "tcg-at-tpmManufacturer" }, /* 364 */ + { 0x02, 366, 0, 4, "tcg-at-tpmModel" }, /* 365 */ + { 0x03, 367, 0, 4, "tcg-at-tpmVersion" }, /* 366 */ + { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 367 */ }; diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index e9de81ccf..61db061f7 100644 --- a/src/libstrongswan/asn1/oid.h 
+++ b/src/libstrongswan/asn1/oid.h @@ -49,16 +49,11 @@ extern const oid_t oid_names[]; #define OID_DELTA_CRL_INDICATOR 48 #define OID_NAME_CONSTRAINTS 51 #define OID_CRL_DISTRIBUTION_POINTS 52 -<<<<<<< HEAD -#define OID_ANY_POLICY 54 -#define OID_AUTHORITY_KEY_ID 56 -======= #define OID_CERTIFICATE_POLICIES 53 #define OID_ANY_POLICY 54 #define OID_POLICY_MAPPINGS 55 #define OID_AUTHORITY_KEY_ID 56 #define OID_POLICY_CONSTRAINTS 57 ->>>>>>> upstream/4.5.1 #define OID_EXTENDED_KEY_USAGE 58 #define OID_FRESHEST_CRL 60 #define OID_INHIBIT_ANY_POLICY 61 
@@ -71,239 +66,155 @@ extern const oid_t oid_names[]; #define OID_MD2_WITH_RSA 90 #define OID_MD5_WITH_RSA 91 #define OID_SHA1_WITH_RSA 92 -#define OID_SHA256_WITH_RSA 93 -#define OID_SHA384_WITH_RSA 94 -#define OID_SHA512_WITH_RSA 95 -#define OID_SHA224_WITH_RSA 96 -#define OID_PKCS7_DATA 98 -#define OID_PKCS7_SIGNED_DATA 99 -#define OID_PKCS7_ENVELOPED_DATA 100 -#define OID_PKCS7_SIGNED_ENVELOPED_DATA 101 -#define OID_PKCS7_DIGESTED_DATA 102 -#define OID_PKCS7_ENCRYPTED_DATA 103 -#define OID_EMAIL_ADDRESS 105 -#define OID_UNSTRUCTURED_NAME 106 -#define OID_PKCS9_CONTENT_TYPE 107 -#define OID_PKCS9_MESSAGE_DIGEST 108 -#define OID_PKCS9_SIGNING_TIME 109 -#define OID_CHALLENGE_PASSWORD 111 -#define OID_EXTENSION_REQUEST 113 -#define OID_MD2 116 -#define OID_MD5 117 -#define OID_3DES_EDE_CBC 119 -#define OID_EC_PUBLICKEY 123 -#define OID_C2PNB163V1 126 -#define OID_C2PNB163V2 127 -#define OID_C2PNB163V3 128 -#define OID_C2PNB176W1 129 -#define OID_C2PNB191V1 130 -#define OID_C2PNB191V2 131 -#define OID_C2PNB191V3 132 -#define OID_C2PNB191V4 133 -#define OID_C2PNB191V5 134 -#define OID_C2PNB208W1 135 -#define OID_C2PNB239V1 136 -#define OID_C2PNB239V2 137 -#define OID_C2PNB239V3 138 -#define OID_C2PNB239V4 139 -#define OID_C2PNB239V5 140 -#define OID_C2PNB272W1 141 -#define OID_C2PNB304W1 142 -#define OID_C2PNB359V1 143 -#define OID_C2PNB368W1 144 -#define OID_C2PNB431R1 145 -#define OID_PRIME192V1 147 -#define OID_PRIME192V2 148 -#define OID_PRIME192V3 149 -#define OID_PRIME239V1 150 -#define OID_PRIME239V2 151 -#define OID_PRIME239V3 152 -#define OID_PRIME256V1 153 -#define OID_ECDSA_WITH_SHA1 155 -#define OID_ECDSA_WITH_SHA224 157 -#define OID_ECDSA_WITH_SHA256 158 -#define OID_ECDSA_WITH_SHA384 159 -#define OID_ECDSA_WITH_SHA512 160 -#define OID_USER_PRINCIPAL_NAME 175 -<<<<<<< HEAD -#define OID_TCGID 182 -#define OID_AUTHORITY_INFO_ACCESS 187 -#define OID_IP_ADDR_BLOCKS 189 -#define OID_SERVER_AUTH 194 -#define OID_CLIENT_AUTH 195 -#define OID_OCSP_SIGNING 202 
-#define OID_XMPP_ADDR 204 -#define OID_AUTHENTICATION_INFO 206 -#define OID_ACCESS_IDENTITY 207 -#define OID_CHARGING_IDENTITY 208 -#define OID_GROUP 209 -#define OID_OCSP 212 -#define OID_BASIC 213 -#define OID_NONCE 214 -#define OID_CRL 215 -#define OID_RESPONSE 216 -#define OID_NO_CHECK 217 -#define OID_ARCHIVE_CUTOFF 218 -#define OID_SERVICE_LOCATOR 219 -#define OID_CA_ISSUERS 220 -#define OID_DES_CBC 226 -#define OID_SHA1 227 -#define OID_SHA1_WITH_RSA_OIW 228 -#define OID_ECGDSA_PUBKEY 247 -#define OID_ECGDSA_SIG_WITH_RIPEMD160 250 -#define OID_ECGDSA_SIG_WITH_SHA1 251 -#define OID_ECGDSA_SIG_WITH_SHA224 252 -#define OID_ECGDSA_SIG_WITH_SHA256 253 -#define OID_ECGDSA_SIG_WITH_SHA384 254 -#define OID_ECGDSA_SIG_WITH_SHA512 255 -#define OID_SECT163K1 278 -#define OID_SECT163R1 279 -#define OID_SECT239K1 280 -#define OID_SECT113R1 281 -#define OID_SECT113R2 282 -#define OID_SECT112R1 283 -#define OID_SECT112R2 284 -#define OID_SECT160R1 285 -#define OID_SECT160K1 286 -#define OID_SECT256K1 287 -#define OID_SECT163R2 288 -#define OID_SECT283K1 289 -#define OID_SECT283R1 290 -#define OID_SECT131R1 291 -#define OID_SECT131R2 292 -#define OID_SECT193R1 293 -#define OID_SECT193R2 294 -#define OID_SECT233K1 295 -#define OID_SECT233R1 296 -#define OID_SECT128R1 297 -#define OID_SECT128R2 298 -#define OID_SECT160R2 299 -#define OID_SECT192K1 300 -#define OID_SECT224K1 301 -#define OID_SECT224R1 302 -#define OID_SECT384R1 303 -#define OID_SECT521R1 304 -#define OID_SECT409K1 305 -#define OID_SECT409R1 306 -#define OID_SECT571K1 307 -#define OID_SECT571R1 308 -#define OID_AES128_CBC 317 -#define OID_AES128_GCM 318 -#define OID_AES128_CCM 319 -#define OID_AES192_CBC 320 -#define OID_AES192_GCM 321 -#define OID_AES192_CCM 322 -#define OID_AES256_CBC 323 -#define OID_AES256_GCM 324 -#define OID_AES256_CCM 325 -#define OID_SHA256 327 -#define OID_SHA384 328 -#define OID_SHA512 329 -#define OID_SHA224 330 -#define OID_NS_REVOCATION_URL 336 -#define OID_NS_CA_REVOCATION_URL 
337 -#define OID_NS_CA_POLICY_URL 338 -#define OID_NS_COMMENT 339 -#define OID_EMPLOYEE_NUMBER 342 -#define OID_PKI_MESSAGE_TYPE 348 -#define OID_PKI_STATUS 349 -#define OID_PKI_FAIL_INFO 350 -#define OID_PKI_SENDER_NONCE 351 -#define OID_PKI_RECIPIENT_NONCE 352 -#define OID_PKI_TRANS_ID 353 - -#define OID_MAX 356 -======= -#define OID_STRONGSWAN 178 -#define OID_TCGID 185 -#define OID_AUTHORITY_INFO_ACCESS 190 -#define OID_IP_ADDR_BLOCKS 192 -#define OID_POLICY_QUALIFIER_CPS 194 -#define OID_POLICY_QUALIFIER_UNOTICE 195 -#define OID_SERVER_AUTH 197 -#define OID_CLIENT_AUTH 198 -#define OID_OCSP_SIGNING 205 -#define OID_XMPP_ADDR 207 -#define OID_AUTHENTICATION_INFO 209 -#define OID_ACCESS_IDENTITY 210 -#define OID_CHARGING_IDENTITY 211 -#define OID_GROUP 212 -#define OID_OCSP 215 -#define OID_BASIC 216 -#define OID_NONCE 217 -#define OID_CRL 218 -#define OID_RESPONSE 219 -#define OID_NO_CHECK 220 -#define OID_ARCHIVE_CUTOFF 221 -#define OID_SERVICE_LOCATOR 222 -#define OID_CA_ISSUERS 223 -#define OID_DES_CBC 229 -#define OID_SHA1 230 -#define OID_SHA1_WITH_RSA_OIW 231 -#define OID_ECGDSA_PUBKEY 250 -#define OID_ECGDSA_SIG_WITH_RIPEMD160 253 -#define OID_ECGDSA_SIG_WITH_SHA1 254 -#define OID_ECGDSA_SIG_WITH_SHA224 255 -#define OID_ECGDSA_SIG_WITH_SHA256 256 -#define OID_ECGDSA_SIG_WITH_SHA384 257 -#define OID_ECGDSA_SIG_WITH_SHA512 258 -#define OID_SECT163K1 281 -#define OID_SECT163R1 282 -#define OID_SECT239K1 283 -#define OID_SECT113R1 284 -#define OID_SECT113R2 285 -#define OID_SECT112R1 286 -#define OID_SECT112R2 287 -#define OID_SECT160R1 288 -#define OID_SECT160K1 289 -#define OID_SECT256K1 290 -#define OID_SECT163R2 291 -#define OID_SECT283K1 292 -#define OID_SECT283R1 293 -#define OID_SECT131R1 294 -#define OID_SECT131R2 295 -#define OID_SECT193R1 296 -#define OID_SECT193R2 297 -#define OID_SECT233K1 298 -#define OID_SECT233R1 299 -#define OID_SECT128R1 300 -#define OID_SECT128R2 301 -#define OID_SECT160R2 302 -#define OID_SECT192K1 303 -#define 
OID_SECT224K1 304 -#define OID_SECT224R1 305 -#define OID_SECT384R1 306 -#define OID_SECT521R1 307 -#define OID_SECT409K1 308 -#define OID_SECT409R1 309 -#define OID_SECT571K1 310 -#define OID_SECT571R1 311 -#define OID_AES128_CBC 320 -#define OID_AES128_GCM 321 -#define OID_AES128_CCM 322 -#define OID_AES192_CBC 323 -#define OID_AES192_GCM 324 -#define OID_AES192_CCM 325 -#define OID_AES256_CBC 326 -#define OID_AES256_GCM 327 -#define OID_AES256_CCM 328 -#define OID_SHA256 330 -#define OID_SHA384 331 -#define OID_SHA512 332 -#define OID_SHA224 333 -#define OID_NS_REVOCATION_URL 339 -#define OID_NS_CA_REVOCATION_URL 340 -#define OID_NS_CA_POLICY_URL 341 -#define OID_NS_COMMENT 342 -#define OID_EMPLOYEE_NUMBER 345 -#define OID_PKI_MESSAGE_TYPE 351 -#define OID_PKI_STATUS 352 -#define OID_PKI_FAIL_INFO 353 -#define OID_PKI_SENDER_NONCE 354 -#define OID_PKI_RECIPIENT_NONCE 355 -#define OID_PKI_TRANS_ID 356 +#define OID_RSAES_OAEP 93 +#define OID_SHA256_WITH_RSA 95 +#define OID_SHA384_WITH_RSA 96 +#define OID_SHA512_WITH_RSA 97 +#define OID_SHA224_WITH_RSA 98 +#define OID_PKCS7_DATA 100 +#define OID_PKCS7_SIGNED_DATA 101 +#define OID_PKCS7_ENVELOPED_DATA 102 +#define OID_PKCS7_SIGNED_ENVELOPED_DATA 103 +#define OID_PKCS7_DIGESTED_DATA 104 +#define OID_PKCS7_ENCRYPTED_DATA 105 +#define OID_EMAIL_ADDRESS 107 +#define OID_UNSTRUCTURED_NAME 108 +#define OID_PKCS9_CONTENT_TYPE 109 +#define OID_PKCS9_MESSAGE_DIGEST 110 +#define OID_PKCS9_SIGNING_TIME 111 +#define OID_CHALLENGE_PASSWORD 113 +#define OID_UNSTRUCTURED_ADDRESS 114 +#define OID_EXTENSION_REQUEST 115 +#define OID_MD2 118 +#define OID_MD5 119 +#define OID_3DES_EDE_CBC 121 +#define OID_EC_PUBLICKEY 125 +#define OID_C2PNB163V1 128 +#define OID_C2PNB163V2 129 +#define OID_C2PNB163V3 130 +#define OID_C2PNB176W1 131 +#define OID_C2PNB191V1 132 +#define OID_C2PNB191V2 133 +#define OID_C2PNB191V3 134 +#define OID_C2PNB191V4 135 +#define OID_C2PNB191V5 136 +#define OID_C2PNB208W1 137 +#define OID_C2PNB239V1 138 +#define 
OID_C2PNB239V2 139 +#define OID_C2PNB239V3 140 +#define OID_C2PNB239V4 141 +#define OID_C2PNB239V5 142 +#define OID_C2PNB272W1 143 +#define OID_C2PNB304W1 144 +#define OID_C2PNB359V1 145 +#define OID_C2PNB368W1 146 +#define OID_C2PNB431R1 147 +#define OID_PRIME192V1 149 +#define OID_PRIME192V2 150 +#define OID_PRIME192V3 151 +#define OID_PRIME239V1 152 +#define OID_PRIME239V2 153 +#define OID_PRIME239V3 154 +#define OID_PRIME256V1 155 +#define OID_ECDSA_WITH_SHA1 157 +#define OID_ECDSA_WITH_SHA224 159 +#define OID_ECDSA_WITH_SHA256 160 +#define OID_ECDSA_WITH_SHA384 161 +#define OID_ECDSA_WITH_SHA512 162 +#define OID_USER_PRINCIPAL_NAME 177 +#define OID_STRONGSWAN 180 +#define OID_TCGID 187 +#define OID_AUTHORITY_INFO_ACCESS 192 +#define OID_IP_ADDR_BLOCKS 194 +#define OID_POLICY_QUALIFIER_CPS 196 +#define OID_POLICY_QUALIFIER_UNOTICE 197 +#define OID_SERVER_AUTH 199 +#define OID_CLIENT_AUTH 200 +#define OID_OCSP_SIGNING 207 +#define OID_XMPP_ADDR 209 +#define OID_AUTHENTICATION_INFO 211 +#define OID_ACCESS_IDENTITY 212 +#define OID_CHARGING_IDENTITY 213 +#define OID_GROUP 214 +#define OID_OCSP 217 +#define OID_BASIC 218 +#define OID_NONCE 219 +#define OID_CRL 220 +#define OID_RESPONSE 221 +#define OID_NO_CHECK 222 +#define OID_ARCHIVE_CUTOFF 223 +#define OID_SERVICE_LOCATOR 224 +#define OID_CA_ISSUERS 225 +#define OID_DES_CBC 231 +#define OID_SHA1 232 +#define OID_SHA1_WITH_RSA_OIW 233 +#define OID_ECGDSA_PUBKEY 252 +#define OID_ECGDSA_SIG_WITH_RIPEMD160 255 +#define OID_ECGDSA_SIG_WITH_SHA1 256 +#define OID_ECGDSA_SIG_WITH_SHA224 257 +#define OID_ECGDSA_SIG_WITH_SHA256 258 +#define OID_ECGDSA_SIG_WITH_SHA384 259 +#define OID_ECGDSA_SIG_WITH_SHA512 260 +#define OID_SECT163K1 283 +#define OID_SECT163R1 284 +#define OID_SECT239K1 285 +#define OID_SECT113R1 286 +#define OID_SECT113R2 287 +#define OID_SECT112R1 288 +#define OID_SECT112R2 289 +#define OID_SECT160R1 290 +#define OID_SECT160K1 291 +#define OID_SECT256K1 292 +#define OID_SECT163R2 293 +#define 
OID_SECT283K1 294 +#define OID_SECT283R1 295 +#define OID_SECT131R1 296 +#define OID_SECT131R2 297 +#define OID_SECT193R1 298 +#define OID_SECT193R2 299 +#define OID_SECT233K1 300 +#define OID_SECT233R1 301 +#define OID_SECT128R1 302 +#define OID_SECT128R2 303 +#define OID_SECT160R2 304 +#define OID_SECT192K1 305 +#define OID_SECT224K1 306 +#define OID_SECT224R1 307 +#define OID_SECT384R1 308 +#define OID_SECT521R1 309 +#define OID_SECT409K1 310 +#define OID_SECT409R1 311 +#define OID_SECT571K1 312 +#define OID_SECT571R1 313 +#define OID_AES128_CBC 322 +#define OID_AES128_GCM 323 +#define OID_AES128_CCM 324 +#define OID_AES192_CBC 325 +#define OID_AES192_GCM 326 +#define OID_AES192_CCM 327 +#define OID_AES256_CBC 328 +#define OID_AES256_GCM 329 +#define OID_AES256_CCM 330 +#define OID_SHA256 332 +#define OID_SHA384 333 +#define OID_SHA512 334 +#define OID_SHA224 335 +#define OID_NS_REVOCATION_URL 341 +#define OID_NS_CA_REVOCATION_URL 342 +#define OID_NS_CA_POLICY_URL 343 +#define OID_NS_COMMENT 344 +#define OID_EMPLOYEE_NUMBER 347 +#define OID_PKI_MESSAGE_TYPE 353 +#define OID_PKI_STATUS 354 +#define OID_PKI_FAIL_INFO 355 +#define OID_PKI_SENDER_NONCE 356 +#define OID_PKI_RECIPIENT_NONCE 357 +#define OID_PKI_TRANS_ID 358 +#define OID_TPM_MANUFACTURER 364 +#define OID_TPM_MODEL 365 +#define OID_TPM_VERSION 366 +#define OID_TPM_ID_LABEL 367 -#define OID_MAX 359 ->>>>>>> upstream/4.5.1 +#define OID_MAX 368 #endif /* OID_H_ */ diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index bf37dd624..f16287cb2 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt 
@@ -51,19 +51,11 @@ 0x1D "certificateIssuer" 0x1E "nameConstraints" OID_NAME_CONSTRAINTS 0x1F "crlDistributionPoints" OID_CRL_DISTRIBUTION_POINTS -<<<<<<< HEAD - 0x20 "certificatePolicies" - 0x00 "anyPolicy" OID_ANY_POLICY - 0x21 "policyMappings" - 0x23 "authorityKeyIdentifier" OID_AUTHORITY_KEY_ID - 0x24 "policyConstraints" -======= 0x20 "certificatePolicies" OID_CERTIFICATE_POLICIES 0x00 "anyPolicy" OID_ANY_POLICY 0x21 "policyMappings" OID_POLICY_MAPPINGS 0x23 "authorityKeyIdentifier" OID_AUTHORITY_KEY_ID 0x24 "policyConstraints" OID_POLICY_CONSTRAINTS ->>>>>>> upstream/4.5.1 0x25 "extendedKeyUsage" OID_EXTENDED_KEY_USAGE 0x00 "anyExtendedKeyUsage" 0x2E "freshestCRL" OID_FRESHEST_CRL @@ -99,6 +91,8 @@ 0x02 "md2WithRSAEncryption" OID_MD2_WITH_RSA 0x04 "md5WithRSAEncryption" OID_MD5_WITH_RSA 0x05 "sha-1WithRSAEncryption" OID_SHA1_WITH_RSA + 0x07 "id-RSAES-OAEP" OID_RSAES_OAEP + 0x09 "id-pSpecified" 0x0B "sha256WithRSAEncryption" OID_SHA256_WITH_RSA 0x0C "sha384WithRSAEncryption" OID_SHA384_WITH_RSA 0x0D "sha512WithRSAEncryption" OID_SHA512_WITH_RSA @@ -118,7 +112,7 @@ 0x05 "signingTime" OID_PKCS9_SIGNING_TIME 0x06 "counterSignature" 0x07 "challengePassword" OID_CHALLENGE_PASSWORD - 0x08 "unstructuredAddress" + 0x08 "unstructuredAddress" OID_UNSTRUCTURED_ADDRESS 0x0E "extensionRequest" OID_EXTENSION_REQUEST 0x0F "S/MIME Capabilities" 0x02 "digestAlgorithm" @@ -132,11 +126,7 @@ 0x01 "id-ecPublicKey" OID_EC_PUBLICKEY 0x03 "ellipticCurve" 0x00 "c-TwoCurve" -<<<<<<< HEAD - 0x01 "c2pnb163v1" OID_C2PNB163V1 -======= 0x01 "c2pnb163v1" OID_C2PNB163V1 ->>>>>>> upstream/4.5.1 0x02 "c2pnb163v2" OID_C2PNB163V2 0x03 "c2pnb163v3" OID_C2PNB163V3 0x04 "c2pnb176w1" OID_C2PNB176W1 
@@ -186,23 +176,16 @@ 0x02 "msCertificateTypeExtension" 0x02 "msSmartcardLogon" 0x03 "msUPN" OID_USER_PRINCIPAL_NAME -<<<<<<< HEAD -======= 0xA0 "" 0x2A "ITA" 0x01 "strongSwan" OID_STRONGSWAN ->>>>>>> upstream/4.5.1 0x89 "" 0x31 "" 0x01 "" 0x01 "" 0x02 "" 0x02 "" -<<<<<<< HEAD - 0x4B "TCGID" OID_TCGID -======= 0x4B "TCGID" OID_TCGID ->>>>>>> upstream/4.5.1 0x05 "security" 0x05 "mechanisms" 0x07 "id-pkix" @@ -211,13 +194,8 @@ 0x03 "qcStatements" 0x07 "ipAddrBlocks" OID_IP_ADDR_BLOCKS 0x02 "id-qt" -<<<<<<< HEAD - 0x01 "cps" - 0x02 "unotice" -======= 0x01 "cps" OID_POLICY_QUALIFIER_CPS 0x02 "unotice" OID_POLICY_QUALIFIER_UNOTICE ->>>>>>> upstream/4.5.1 0x03 "id-kp" 0x01 "serverAuth" OID_SERVER_AUTH 0x02 "clientAuth" OID_CLIENT_AUTH @@ -380,4 +358,11 @@ 0x06 "recipientNonce" OID_PKI_RECIPIENT_NONCE 0x07 "transID" OID_PKI_TRANS_ID 0x08 "extensionReq" - +0x67 "" + 0x81 "" + 0x05 "" + 0x02 "tcg-attribute" + 0x01 "tcg-at-tpmManufacturer" OID_TPM_MANUFACTURER + 0x02 "tcg-at-tpmModel" OID_TPM_MODEL + 0x03 "tcg-at-tpmVersion" OID_TPM_VERSION + 0x0F "tcg-at-tpmIdLabel" OID_TPM_ID_LABEL diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h index f94bdfbf2..63644ac78 100644 --- a/src/libstrongswan/chunk.h +++ b/src/libstrongswan/chunk.h @@ -175,7 +175,7 @@ static inline void chunk_clear(chunk_t *chunk) { if (chunk->ptr) { - memset(chunk->ptr, 0, chunk->len); + memwipe(chunk->ptr, chunk->len); chunk_free(chunk); } } diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index 9c7df81a6..23a3f62d9 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c 
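Review bot: In `chunk_clear()` (chunk.h hunk `@@ -175,7 +175,7 @@`) the call to `memwipe()` has no comment saying why it is not a plain `memset()`, so a later cleanup could quietly revert it. A zeroing `memset()` placed directly before `chunk_free()` is a dead store that an optimising compiler may drop, which would leave the chunk's contents in freed heap memory. I would add `/* memwipe, not memset: a memset right before free may be optimised away */` above the call.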
@@ -131,19 +131,13 @@ static void destroy_entry_value(entry_t *entry) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: -<<<<<<< HEAD -======= case AUTH_HELPER_REVOCATION_CERT: ->>>>>>> upstream/4.5.1 { certificate_t *cert = (certificate_t*)entry->value; cert->destroy(cert); break; } -<<<<<<< HEAD -======= case AUTH_RULE_CERT_POLICY: ->>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -155,11 +149,8 @@ static void destroy_entry_value(entry_t *entry) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: -<<<<<<< HEAD -======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: ->>>>>>> upstream/4.5.1 break; } } @@ -185,11 +176,8 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator, case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: -<<<<<<< HEAD -======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: ->>>>>>> upstream/4.5.1 /* integer type */ enumerator->current->value = (void*)(uintptr_t)va_arg(args, u_int); break; @@ -200,18 +188,12 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator, case AUTH_RULE_CA_CERT: case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: -<<<<<<< HEAD -======= case AUTH_RULE_CERT_POLICY: ->>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: -<<<<<<< HEAD -======= case AUTH_HELPER_REVOCATION_CERT: ->>>>>>> upstream/4.5.1 /* pointer type */ enumerator->current->value = va_arg(args, void*); break; @@ -263,11 +245,8 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type) case AUTH_RULE_EAP_TYPE: return (void*)EAP_NAK; case AUTH_RULE_EAP_VENDOR: -<<<<<<< HEAD -======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: ->>>>>>> upstream/4.5.1 return (void*)0; case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: 
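Review bot: In `get()` (hunk `@@ -263,11 +245,8 @@`) the new `AUTH_RULE_RSA_STRENGTH` and `AUTH_RULE_ECDSA_STRENGTH` cases share `return (void*)0;` with `AUTH_RULE_EAP_VENDOR`, and nothing says what 0 means for a key-strength rule. Presumably it stands for "no minimum strength configured". Since this is the value a caller sees when the rule is absent, a comment such as `/* 0 bits: no minimum key strength requested */` on those two cases would make the permissive default explicit. The body of `get()` starts and ends outside the hunk.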
@@ -279,18 +258,12 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type) case AUTH_RULE_CA_CERT: case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: -<<<<<<< HEAD -======= case AUTH_RULE_CERT_POLICY: ->>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: -<<<<<<< HEAD -======= case AUTH_HELPER_REVOCATION_CERT: ->>>>>>> upstream/4.5.1 default: return NULL; } @@ -313,11 +286,8 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: -<<<<<<< HEAD -======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: ->>>>>>> upstream/4.5.1 /* integer type */ entry->value = (void*)(uintptr_t)va_arg(args, u_int); break; @@ -328,18 +298,12 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...) case AUTH_RULE_CA_CERT: case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: -<<<<<<< HEAD -======= case AUTH_RULE_CERT_POLICY: ->>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: -<<<<<<< HEAD -======= case AUTH_HELPER_REVOCATION_CERT: ->>>>>>> upstream/4.5.1 /* pointer type */ entry->value = va_arg(args, void*); break; 
@@ -410,40 +374,6 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: { -<<<<<<< HEAD - cert_validation_t validated, required; - - required = (uintptr_t)value; - validated = (uintptr_t)get(this, t1); - switch (required) - { - case VALIDATION_FAILED: - /* no constraint */ - break; - case VALIDATION_SKIPPED: - if (validated == VALIDATION_SKIPPED) - { - break; - } - /* FALL */ - case VALIDATION_GOOD: - if (validated == VALIDATION_GOOD) - { - break; - } - /* FALL */ - default: - success = FALSE; - if (log_error) - { - DBG1(DBG_CFG, "constraint check failed: %N is %N, " - "but requires at least %N", auth_rule_names, - t1, cert_validation_names, validated, - cert_validation_names, required); - } - break; - } -======= uintptr_t validated; e2 = create_enumerator(this); @@ -483,7 +413,6 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, } } e2->destroy(e2); ->>>>>>> upstream/4.5.1 break; } case AUTH_RULE_IDENTITY: @@ -567,8 +496,6 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, e2->destroy(e2); break; } -<<<<<<< HEAD -======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: { @@ -634,15 +561,11 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, } break; } ->>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: -<<<<<<< HEAD -======= case AUTH_HELPER_REVOCATION_CERT: ->>>>>>> upstream/4.5.1 /* skip helpers */ continue; } @@ -689,10 +612,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: -<<<<<<< HEAD -======= case AUTH_HELPER_REVOCATION_CERT: ->>>>>>> upstream/4.5.1 { certificate_t *cert = (certificate_t*)value; 
@@ -704,11 +624,8 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_RULE_AUTH_CLASS: case AUTH_RULE_EAP_TYPE: case AUTH_RULE_EAP_VENDOR: -<<<<<<< HEAD -======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: ->>>>>>> upstream/4.5.1 { add(this, type, (uintptr_t)value); break; @@ -723,10 +640,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy add(this, type, id->clone(id)); break; } -<<<<<<< HEAD -======= case AUTH_RULE_CERT_POLICY: ->>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -779,11 +693,8 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: -<<<<<<< HEAD -======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: ->>>>>>> upstream/4.5.1 { if (i1->value == i2->value) { @@ -797,10 +708,7 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: -<<<<<<< HEAD -======= case AUTH_HELPER_REVOCATION_CERT: ->>>>>>> upstream/4.5.1 { certificate_t *c1, *c2; @@ -831,10 +739,7 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) } continue; } -<<<<<<< HEAD -======= case AUTH_RULE_CERT_POLICY: ->>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -917,19 +822,13 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: -<<<<<<< HEAD -======= case AUTH_HELPER_REVOCATION_CERT: ->>>>>>> upstream/4.5.1 { certificate_t *cert = (certificate_t*)entry->value; clone->add(clone, entry->type, cert->get_ref(cert)); break; } -<<<<<<< HEAD -======= case AUTH_RULE_CERT_POLICY: ->>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { 
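Review bot: In `merge()` (hunk `@@ -704,11 +624,8 @@`) the new `AUTH_RULE_RSA_STRENGTH` / `AUTH_RULE_ECDSA_STRENGTH` cases pass `(uintptr_t)value` to the variadic `add()`, while `add()` reads integer rules with `va_arg(args, u_int)` (hunk `@@ -313,11 +286,8 @@`). Where `uintptr_t` is wider than `u_int` this is a `va_arg` type mismatch, which the C standard leaves undefined even though common ABIs happen to tolerate it. Casting at the call site keeps the two sides in agreement: `add(this, type, (u_int)(uintptr_t)value);`. The same pattern is in `clone_()` (hunk `@@ -941,11 +840,8 @@`), `clone->add(clone, entry->type, (uintptr_t)entry->value);`. Both functions continue outside their hunks.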
@@ -941,11 +840,8 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: -<<<<<<< HEAD -======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: ->>>>>>> upstream/4.5.1 clone->add(clone, entry->type, (uintptr_t)entry->value); break; } diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h index 659a7c9ef..489ce1134 100644 --- a/src/libstrongswan/credentials/auth_cfg.h +++ b/src/libstrongswan/credentials/auth_cfg.h @@ -90,15 +90,12 @@ enum auth_rule_t { * The group membership constraint is fulfilled if the subject is member of * one group defined in the constraints. */ AUTH_RULE_GROUP, -<<<<<<< HEAD -======= /** required RSA public key strength, u_int in bits */ AUTH_RULE_RSA_STRENGTH, /** required ECDSA public key strength, u_int in bits */ AUTH_RULE_ECDSA_STRENGTH, /** certificatePolicy constraint, numerical OID as char* */ AUTH_RULE_CERT_POLICY, ->>>>>>> upstream/4.5.1 /** intermediate certificate, certificate_t* */ AUTH_HELPER_IM_CERT, @@ -108,11 +105,8 @@ enum auth_rule_t { AUTH_HELPER_IM_HASH_URL, /** Hash and URL of a end-entity certificate, char* */ AUTH_HELPER_SUBJECT_HASH_URL, -<<<<<<< HEAD -======= /** revocation certificate (CRL, OCSP), certificate_t* */ AUTH_HELPER_REVOCATION_CERT, ->>>>>>> upstream/4.5.1 }; /** diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c index 4d3a78eab..f9a277a2c 100644 --- a/src/libstrongswan/credentials/builder.c +++ b/src/libstrongswan/credentials/builder.c @@ -43,10 +43,6 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END, "BUILD_CRL_DISTRIBUTION_POINTS", "BUILD_OCSP_ACCESS_LOCATIONS", "BUILD_PATHLEN", -<<<<<<< HEAD - "BUILD_X509_FLAG", - "BUILD_REVOKED_ENUMERATOR", -======= "BUILD_PERMITTED_NAME_CONSTRAINTS", "BUILD_EXCLUDED_NAME_CONSTRAINTS", "BUILD_CERTIFICATE_POLICIES", 
@@ -57,7 +53,6 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END, "BUILD_X509_FLAG", "BUILD_REVOKED_ENUMERATOR", "BUILD_BASE_CRL", ->>>>>>> upstream/4.5.1 "BUILD_CHALLENGE_PWD", "BUILD_PKCS11_MODULE", "BUILD_PKCS11_SLOT", diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h index fc93a6007..325b668cd 100644 --- a/src/libstrongswan/credentials/builder.h +++ b/src/libstrongswan/credentials/builder.h @@ -87,18 +87,12 @@ enum builder_part_t { BUILD_CA_CERT, /** a certificate, certificate_t* */ BUILD_CERT, -<<<<<<< HEAD - /** CRL distribution point URIs, linked_list_t* containing char* */ -======= /** CRL distribution point URIs, x509_cdp_t* */ ->>>>>>> upstream/4.5.1 BUILD_CRL_DISTRIBUTION_POINTS, /** OCSP AuthorityInfoAccess locations, linked_list_t* containing char* */ BUILD_OCSP_ACCESS_LOCATIONS, /** certificate path length constraint */ BUILD_PATHLEN, -<<<<<<< HEAD -======= /** permitted X509 name constraints, linked_list_t* of identification_t* */ BUILD_PERMITTED_NAME_CONSTRAINTS, /** excluded X509 name constraints, linked_list_t* of identification_t* */ @@ -113,16 +107,12 @@ enum builder_part_t { BUILD_POLICY_INHIBIT_MAPPING, /** inhibitAnyPolicy constraint, int */ BUILD_POLICY_INHIBIT_ANY, ->>>>>>> upstream/4.5.1 /** enforce an additional X509 flag, x509_flag_t */ BUILD_X509_FLAG, /** enumerator_t over (chunk_t serial, time_t date, crl_reason_t reason) */ BUILD_REVOKED_ENUMERATOR, -<<<<<<< HEAD -======= /** Base CRL serial for a delta CRL, chunk_t, */ BUILD_BASE_CRL, ->>>>>>> upstream/4.5.1 /** PKCS#10 challenge password */ BUILD_CHALLENGE_PWD, /** friendly name of a PKCS#11 module, null terminated char* */ diff --git a/src/libstrongswan/credentials/cert_validator.h b/src/libstrongswan/credentials/cert_validator.h index f329281d3..733d9d612 100644 --- a/src/libstrongswan/credentials/cert_validator.h +++ b/src/libstrongswan/credentials/cert_validator.h 
@@ -40,14 +40,6 @@ struct cert_validator_t { * @param subject subject certificate to check * @param issuer issuer of subject * @param online wheter to do online revocation checking -<<<<<<< HEAD - * @param pathlen the current length of the path up to the root CA - * @param auth container for resulting authentication info - */ - bool (*validate)(cert_validator_t *this, certificate_t *subject, - certificate_t *issuer, bool online, int pathlen, - auth_cfg_t *auth); -======= * @param pathlen the current length of the path bottom-up * @param anchor is issuer trusted root anchor * @param auth container for resulting authentication info @@ -55,7 +47,6 @@ struct cert_validator_t { bool (*validate)(cert_validator_t *this, certificate_t *subject, certificate_t *issuer, bool online, u_int pathlen, bool anchor, auth_cfg_t *auth); ->>>>>>> upstream/4.5.1 }; #endif /** CERT_VALIDATOR_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h index 11ad7f2f3..2f3497474 100644 --- a/src/libstrongswan/credentials/certificates/crl.h +++ b/src/libstrongswan/credentials/certificates/crl.h @@ -72,8 +72,6 @@ struct crl_t { chunk_t (*get_authKeyIdentifier)(crl_t *this); /** -<<<<<<< HEAD -======= * Is this CRL a delta CRL? * * @param base_crl gets to baseCrlNumber, if this is a delta CRL @@ -89,7 +87,6 @@ struct crl_t { enumerator_t* (*create_delta_crl_uri_enumerator)(crl_t *this); /** ->>>>>>> upstream/4.5.1 * Create an enumerator over all revoked certificates. * * The enumerator takes 3 pointer arguments: diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h index 3ab26c8c5..fec02dbad 100644 --- a/src/libstrongswan/credentials/certificates/x509.h +++ b/src/libstrongswan/credentials/certificates/x509.h 
@@ -24,12 +24,6 @@ #include <utils/enumerator.h> #include <credentials/certificates/certificate.h> -<<<<<<< HEAD -#define X509_NO_PATH_LEN_CONSTRAINT -1 - -typedef struct x509_t x509_t; -typedef enum x509_flag_t x509_flag_t; -======= /* constraints are currently restricted to the range 0..127 */ #define X509_NO_CONSTRAINT 255 @@ -39,7 +33,6 @@ typedef struct x509_policy_mapping_t x509_policy_mapping_t; typedef struct x509_cdp_t x509_cdp_t; typedef enum x509_flag_t x509_flag_t; typedef enum x509_constraint_t x509_constraint_t; ->>>>>>> upstream/4.5.1 /** * X.509 certificate flags. @@ -61,14 +54,6 @@ enum x509_flag_t { X509_SELF_SIGNED = (1<<5), /** cert has an ipAddrBlocks extension */ X509_IP_ADDR_BLOCKS = (1<<6), -<<<<<<< HEAD -}; - -/** - * enum names for x509 flags - */ -extern enum_name_t *x509_flag_names; -======= /** cert has CRL sign key usage */ X509_CRL_SIGN = (1<<7), }; @@ -118,7 +103,6 @@ struct x509_cdp_t { /** CRL issuer */ identification_t *issuer; }; ->>>>>>> upstream/4.5.1 /** * X.509 certificate interface. @@ -162,20 +146,12 @@ struct x509_t { chunk_t (*get_authKeyIdentifier)(x509_t *this); /** -<<<<<<< HEAD - * Get an optional path length constraint. - * - * @return pathLenConstraint, -1 if no constraint exists - */ - int (*get_pathLenConstraint)(x509_t *this); -======= * Get a numerical X.509 constraint. * * @param type type of constraint to get * @return constraint, X509_NO_CONSTRAINT if none found */ u_int (*get_constraint)(x509_t *this, x509_constraint_t type); ->>>>>>> upstream/4.5.1 /** * Create an enumerator over all subjectAltNames. @@ -185,15 +161,9 @@ struct x509_t { enumerator_t* (*create_subjectAltName_enumerator)(x509_t *this); /** -<<<<<<< HEAD - * Create an enumerator over all CRL URIs. - * - * @return enumerator over URIs as char* -======= * Create an enumerator over all CRL URIs and CRL Issuers. * * @return enumerator over x509_cdp_t ->>>>>>> upstream/4.5.1 */ enumerator_t* (*create_crl_uri_enumerator)(x509_t *this); 
@@ -210,8 +180,6 @@ struct x509_t { * @return enumerator over ipAddrBlocks as traffic_selector_t* */ enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this); -<<<<<<< HEAD -======= /** * Create an enumerator over name constraints. @@ -236,7 +204,6 @@ struct x509_t { enumerator_t* (*create_policy_mapping_enumerator)(x509_t *this); ->>>>>>> upstream/4.5.1 }; #endif /** X509_H_ @}*/ diff --git a/src/libstrongswan/credentials/cred_encoding.c b/src/libstrongswan/credentials/cred_encoding.c index edd76205b..ac3266f4c 100644 --- a/src/libstrongswan/credentials/cred_encoding.c +++ b/src/libstrongswan/credentials/cred_encoding.c @@ -180,8 +180,13 @@ static bool encode(private_cred_encoding_t *this, cred_encoding_type_t type, chunk = malloc_thing(chunk_t); *chunk = *encoding; this->lock->write_lock(this->lock); - this->cache[type]->put(this->cache[type], cache, chunk); + chunk = this->cache[type]->put(this->cache[type], cache, chunk); this->lock->unlock(this->lock); + if (chunk) + { + free(chunk->ptr); + free(chunk); + } } return success; } diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c index 3e54368ff..27b97eab3 100644 --- a/src/libstrongswan/credentials/credential_manager.c +++ b/src/libstrongswan/credentials/credential_manager.c @@ -452,13 +452,8 @@ static void cache_queue(private_credential_manager_t *this) * check a certificate for its lifetime */ static bool check_certificate(private_credential_manager_t *this, -<<<<<<< HEAD - certificate_t *subject, certificate_t *issuer, - bool online, int pathlen, auth_cfg_t *auth) -======= certificate_t *subject, certificate_t *issuer, bool online, int pathlen, bool trusted, auth_cfg_t *auth) ->>>>>>> upstream/4.5.1 { time_t not_before, not_after; cert_validator_t *validator; 
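Review bot: Freeing the entry returned by `put()` in encode() can release a buffer that an earlier caller still holds, because the cached `chunk_t` is a shallow copy (`*chunk = *encoding`) and shares `ptr` with the value handed back through `encoding`. That only matters if two callers can miss the cache for the same key before either inserts, which the lookup above the hunk would have to rule out. If it cannot, re-check the cache under the write lock and keep the existing entry instead of replacing it. Otherwise, add a comment such as `/* replaced entry: no caller can still reference its ptr */` that states why the free is safe. encode() starts outside the hunk.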
@@ -476,36 +471,12 @@ static bool check_certificate(private_credential_manager_t *this, ¬_before, FALSE, ¬_after, FALSE); return FALSE; } -<<<<<<< HEAD - if (issuer->get_type(issuer) == CERT_X509 && - subject->get_type(subject) == CERT_X509) - { - int pathlen_constraint; - x509_t *x509; - - /* check path length constraint */ - x509 = (x509_t*)issuer; - pathlen_constraint = x509->get_pathLenConstraint(x509); - if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT && - pathlen > pathlen_constraint) - { - DBG1(DBG_CFG, "path length of %d violates constraint of %d", - pathlen, pathlen_constraint); - return FALSE; - } - } -======= ->>>>>>> upstream/4.5.1 enumerator = this->validators->create_enumerator(this->validators); while (enumerator->enumerate(enumerator, &validator)) { if (!validator->validate(validator, subject, issuer, -<<<<<<< HEAD - online, pathlen, auth)) -======= online, pathlen, trusted, auth)) ->>>>>>> upstream/4.5.1 { enumerator->destroy(enumerator); return FALSE; @@ -563,8 +534,6 @@ static certificate_t *get_issuer_cert(private_credential_manager_t *this, } /** -<<<<<<< HEAD -======= * Get the strength of certificate, add it to auth */ static void get_key_strength(certificate_t *cert, auth_cfg_t *auth) @@ -596,7 +565,6 @@ static void get_key_strength(certificate_t *cert, auth_cfg_t *auth) } /** ->>>>>>> upstream/4.5.1 * try to verify the trust chain of subject, return TRUE if trusted */ static bool verify_trust_chain(private_credential_manager_t *this, @@ -608,13 +576,9 @@ static bool verify_trust_chain(private_credential_manager_t *this, int pathlen; auth = auth_cfg_create(); -<<<<<<< HEAD - current = subject->get_ref(subject); -======= get_key_strength(subject, auth); current = subject->get_ref(subject); auth->add(auth, AUTH_RULE_SUBJECT_CERT, current->get_ref(current)); ->>>>>>> upstream/4.5.1 for (pathlen = 0; pathlen <= MAX_TRUST_PATH_LEN; pathlen++) { 
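Review bot: Path length enforcement in check_certificate() now depends entirely on the validator loop, since the inline pathLenConstraint comparison is gone and nothing in this hunk replaces it. Presumably a registered `cert_validator_t` performs the check from the `pathlen` argument, but with no such validator registered the loop passes and an over-long chain would not be rejected here. A comment above the loop such as `/* path length and other X.509 constraints are enforced by registered validators */` would make that dependency explicit. It is also worth confirming that a configuration without that validator fails closed. The function body starts and ends outside the hunk.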
@@ -659,25 +623,17 @@ static bool verify_trust_chain(private_credential_manager_t *this, break; } } -<<<<<<< HEAD - if (!check_certificate(this, current, issuer, online, pathlen, - current == subject ? auth : NULL)) -======= if (!check_certificate(this, current, issuer, online, pathlen, trusted, auth)) ->>>>>>> upstream/4.5.1 { trusted = FALSE; issuer->destroy(issuer); break; } -<<<<<<< HEAD -======= if (issuer) { get_key_strength(issuer, auth); } ->>>>>>> upstream/4.5.1 current->destroy(current); current = issuer; if (trusted) @@ -701,8 +657,6 @@ static bool verify_trust_chain(private_credential_manager_t *this, } /** -<<<<<<< HEAD -======= * List find match function for certificates */ static bool cert_equals(certificate_t *a, certificate_t *b) @@ -711,7 +665,6 @@ static bool cert_equals(certificate_t *a, certificate_t *b) } /** ->>>>>>> upstream/4.5.1 * enumerator for trusted certificates */ typedef struct { @@ -731,11 +684,8 @@ typedef struct { certificate_t *pretrusted; /** currently enumerating auth config */ auth_cfg_t *auth; -<<<<<<< HEAD -======= /** list of failed candidates */ linked_list_t *failed; ->>>>>>> upstream/4.5.1 } trusted_enumerator_t; METHOD(enumerator_t, trusted_enumerate, bool, @@ -763,13 +713,6 @@ METHOD(enumerator_t, trusted_enumerate, bool, verify_trust_chain(this->this, this->pretrusted, this->auth, TRUE, this->online)) { -<<<<<<< HEAD - this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT, - this->pretrusted->get_ref(this->pretrusted)); - DBG1(DBG_CFG, " using trusted certificate \"%Y\"", - this->pretrusted->get_subject(this->pretrusted)); - *cert = this->pretrusted; -======= DBG1(DBG_CFG, " using trusted certificate \"%Y\"", this->pretrusted->get_subject(this->pretrusted)); *cert = this->pretrusted; @@ -778,7 +721,6 @@ METHOD(enumerator_t, trusted_enumerate, bool, this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT, this->pretrusted->get_ref(this->pretrusted)); } ->>>>>>> upstream/4.5.1 if (auth) { *auth = this->auth; 
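Review bot: The `if (issuer)` guard around `get_key_strength(issuer, auth)` in verify_trust_chain() comes after `issuer` has already been passed to check_certificate() and, on the failure path, dereferenced by `issuer->destroy(issuer)`. Either issuer cannot be NULL at this point, in which case the guard is dead code and the call can be the plain `get_key_strength(issuer, auth);`, or it can be NULL and the earlier uses need the same guard. The code that assigns issuer is above the hunk, so which case applies cannot be confirmed from here.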
@@ -796,15 +738,12 @@ METHOD(enumerator_t, trusted_enumerate, bool, continue; } -<<<<<<< HEAD -======= if (this->failed->find_first(this->failed, (void*)cert_equals, NULL, current) == SUCCESS) { /* check each candidate only once */ continue; } ->>>>>>> upstream/4.5.1 DBG1(DBG_CFG, " using certificate \"%Y\"", current->get_subject(current)); if (verify_trust_chain(this->this, current, this->auth, FALSE, @@ -817,10 +756,7 @@ METHOD(enumerator_t, trusted_enumerate, bool, } return TRUE; } -<<<<<<< HEAD -======= this->failed->insert_last(this->failed, current->get_ref(current)); ->>>>>>> upstream/4.5.1 } return FALSE; } @@ -831,10 +767,7 @@ METHOD(enumerator_t, trusted_destroy, void, DESTROY_IF(this->pretrusted); DESTROY_IF(this->auth); DESTROY_IF(this->candidates); -<<<<<<< HEAD -======= this->failed->destroy_offset(this->failed, offsetof(certificate_t, destroy)); ->>>>>>> upstream/4.5.1 free(this); } @@ -853,10 +786,7 @@ METHOD(credential_manager_t, create_trusted_enumerator, enumerator_t*, .type = type, .id = id, .online = online, -<<<<<<< HEAD -======= .failed = linked_list_create(), ->>>>>>> upstream/4.5.1 ); return &enumerator->public; } diff --git a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c index de5b85bae..fecc9910e 100644 --- a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c +++ b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c @@ -189,11 +189,11 @@ static char* get_string(private_ietf_attributes_t *this) if (oid == OID_UNKNOWN) { - written = snprintf(pos, len, "0x#B", &attr->value); + written = snprintf(pos, len, "0x%#B", &attr->value); } else { - written = snprintf(pos, len, "%s", oid_names[oid]); + written = snprintf(pos, len, "%s", oid_names[oid].name); } break; } 
@@ -331,7 +331,7 @@ static bool matches(private_ietf_attributes_t *this, private_ietf_attributes_t * /* look for at least one common attribute */ while (TRUE) { - bool cmp = attr_a->compare(attr_a, attr_b); + int cmp = attr_a->compare(attr_a, attr_b); if (cmp == 0) { diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c index 046ccfd12..225fabe31 100644 --- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c +++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c @@ -132,12 +132,8 @@ static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert) } } else if (rule != AUTH_HELPER_SUBJECT_CERT && -<<<<<<< HEAD - rule != AUTH_HELPER_IM_CERT) -======= rule != AUTH_HELPER_IM_CERT && rule != AUTH_HELPER_REVOCATION_CERT) ->>>>>>> upstream/4.5.1 { /* handle only HELPER certificates */ continue; } diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c index 5a2385b72..e023e8443 100644 --- a/src/libstrongswan/credentials/sets/mem_cred.c +++ b/src/libstrongswan/credentials/sets/mem_cred.c @@ -1,9 +1,6 @@ /* -<<<<<<< HEAD -======= * Copyright (C) 2010 Tobias Brunner * Hochschule fuer Technik Rapperwsil ->>>>>>> upstream/4.5.1 * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -59,14 +56,11 @@ struct private_mem_cred_t { * List of shared keys, as shared_entry_t */ linked_list_t *shared; -<<<<<<< HEAD -======= /** * List of CDPs, as cdp_t */ linked_list_t *cdps; ->>>>>>> upstream/4.5.1 }; /** 
@@ -157,23 +151,6 @@ static bool certificate_equals(certificate_t *item, certificate_t *cert) return item->equals(item, cert); } -<<<<<<< HEAD -METHOD(mem_cred_t, add_cert, void, - private_mem_cred_t *this, bool trusted, certificate_t *cert) -{ - this->lock->write_lock(this->lock); - if (this->untrusted->find_last(this->untrusted, - (linked_list_match_t)certificate_equals, NULL, cert) != SUCCESS) - { - if (trusted) - { - this->trusted->insert_last(this->trusted, cert->get_ref(cert)); - } - this->untrusted->insert_last(this->untrusted, cert->get_ref(cert)); - } - cert->destroy(cert); - this->lock->unlock(this->lock); -======= /** * Add a certificate the the cache. Returns a reference to "cert" or a * previously cached certificate that equals "cert". @@ -272,7 +249,6 @@ METHOD(mem_cred_t, add_crl, bool, } this->lock->unlock(this->lock); return new; ->>>>>>> upstream/4.5.1 } /** @@ -332,11 +308,7 @@ METHOD(mem_cred_t, add_key, void, private_mem_cred_t *this, private_key_t *key) { this->lock->write_lock(this->lock); -<<<<<<< HEAD - this->keys->insert_last(this->keys, key); -======= this->keys->insert_first(this->keys, key); ->>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } @@ -460,20 +432,6 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, (void*)shared_filter, data, (void*)shared_data_destroy); } -<<<<<<< HEAD -METHOD(mem_cred_t, add_shared, void, - private_mem_cred_t *this, shared_key_t *shared, ...) -{ - shared_entry_t *entry; - identification_t *id; - va_list args; - - INIT(entry, - .shared = shared, - .owners = linked_list_create(), - ); - -======= METHOD(mem_cred_t, add_shared_list, void, private_mem_cred_t *this, shared_key_t *shared, linked_list_t* owners) { 
@@ -496,27 +454,18 @@ METHOD(mem_cred_t, add_shared, void, linked_list_t *owners = linked_list_create(); va_list args; ->>>>>>> upstream/4.5.1 va_start(args, shared); do { id = va_arg(args, identification_t*); if (id) { -<<<<<<< HEAD - entry->owners->insert_last(entry->owners, id); -======= owners->insert_first(owners, id); ->>>>>>> upstream/4.5.1 } } while (id); va_end(args); -<<<<<<< HEAD - this->lock->write_lock(this->lock); - this->shared->insert_last(this->shared, entry); -======= add_shared_list(this, shared, owners); } @@ -614,7 +563,6 @@ METHOD(mem_cred_t, clear_secrets, void, this->shared->destroy_function(this->shared, (void*)shared_entry_destroy); this->keys = linked_list_create(); this->shared = linked_list_create(); ->>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } @@ -626,15 +574,6 @@ METHOD(mem_cred_t, clear_, void, offsetof(certificate_t, destroy)); this->untrusted->destroy_offset(this->untrusted, offsetof(certificate_t, destroy)); -<<<<<<< HEAD - this->keys->destroy_offset(this->keys, offsetof(private_key_t, destroy)); - this->shared->destroy_function(this->shared, (void*)shared_entry_destroy); - this->trusted = linked_list_create(); - this->untrusted = linked_list_create(); - this->keys = linked_list_create(); - this->shared = linked_list_create(); - this->lock->unlock(this->lock); -======= this->cdps->destroy_function(this->cdps, (void*)cdp_destroy); this->trusted = linked_list_create(); this->untrusted = linked_list_create(); @@ -642,7 +581,6 @@ METHOD(mem_cred_t, clear_, void, this->lock->unlock(this->lock); clear_secrets(this); ->>>>>>> upstream/4.5.1 } METHOD(mem_cred_t, destroy, void, @@ -653,10 +591,7 @@ METHOD(mem_cred_t, destroy, void, this->untrusted->destroy(this->untrusted); this->keys->destroy(this->keys); this->shared->destroy(this->shared); -<<<<<<< HEAD -======= this->cdps->destroy(this->cdps); ->>>>>>> upstream/4.5.1 this->lock->destroy(this->lock); free(this); } 
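Review bot: clear_ releases the write lock and only then calls `clear_secrets(this)`, so certificates and secrets are not dropped in one critical section. A concurrent reader can observe the set with its certificates and CDPs gone but private and shared keys still present. clear_secrets appears to take the same lock itself (its `unlock` is visible in the earlier hunk), which is why it cannot simply be called with the lock held. If callers rely on clear() being atomic, move the key and shared-list teardown into a helper that expects the lock to be held and call it from both methods; if not, say so in a comment, e.g. `/* secrets are cleared in a second critical section */`. Both method bodies start outside their hunks.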
@@ -674,15 +609,6 @@ mem_cred_t *mem_cred_create() .create_shared_enumerator = _create_shared_enumerator, .create_private_enumerator = _create_private_enumerator, .create_cert_enumerator = _create_cert_enumerator, -<<<<<<< HEAD - .create_cdp_enumerator = (void*)return_null, - .cache_cert = (void*)nop, - }, - .add_cert = _add_cert, - .add_key = _add_key, - .add_shared = _add_shared, - .clear = _clear_, -======= .create_cdp_enumerator = _create_cdp_enumerator, .cache_cert = (void*)nop, }, @@ -695,17 +621,13 @@ mem_cred_t *mem_cred_create() .add_cdp = _add_cdp, .clear = _clear_, .clear_secrets = _clear_secrets, ->>>>>>> upstream/4.5.1 .destroy = _destroy, }, .trusted = linked_list_create(), .untrusted = linked_list_create(), .keys = linked_list_create(), .shared = linked_list_create(), -<<<<<<< HEAD -======= .cdps = linked_list_create(), ->>>>>>> upstream/4.5.1 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), ); diff --git a/src/libstrongswan/credentials/sets/mem_cred.h b/src/libstrongswan/credentials/sets/mem_cred.h index 274e07566..eb46b065b 100644 --- a/src/libstrongswan/credentials/sets/mem_cred.h +++ b/src/libstrongswan/credentials/sets/mem_cred.h @@ -1,9 +1,6 @@ /* -<<<<<<< HEAD -======= * Copyright (C) 2010 Tobias Brunner * Hochschule fuer Technik Rapperswil ->>>>>>> upstream/4.5.1 * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -29,11 +26,8 @@ typedef struct mem_cred_t mem_cred_t; #include <credentials/credential_set.h> -<<<<<<< HEAD -======= #include <credentials/certificates/crl.h> #include <utils/linked_list.h> ->>>>>>> upstream/4.5.1 /** * Generic in-memory credential set. @@ -54,8 +48,6 @@ struct mem_cred_t { void (*add_cert)(mem_cred_t *this, bool trusted, certificate_t *cert); /** -<<<<<<< HEAD -======= * Add a certificate to the credential set, returning a reference to it or * to a cached duplicate. * 
@@ -76,7 +68,6 @@ struct mem_cred_t { bool (*add_crl)(mem_cred_t *this, crl_t *crl); /** ->>>>>>> upstream/4.5.1 * Add a private key to the credential set. * * @param key key, reference gets owned by set @@ -87,17 +78,11 @@ struct mem_cred_t { * Add a shared key to the credential set. * * @param shared shared key to add, gets owned by set -<<<<<<< HEAD - * @param ... NULL terminated list of owners identification_t* -======= * @param ... NULL terminated list of owners (identification_t*) ->>>>>>> upstream/4.5.1 */ void (*add_shared)(mem_cred_t *this, shared_key_t *shared, ...); /** -<<<<<<< HEAD -======= * Add a shared key to the credential set. * * @param shared shared key to add, gets owned by set @@ -116,21 +101,17 @@ struct mem_cred_t { identification_t *id, char *uri); /** ->>>>>>> upstream/4.5.1 * Clear all credentials from the credential set. */ void (*clear)(mem_cred_t *this); /** -<<<<<<< HEAD -======= * Clear the secrets (private and shared keys, not the certificates) from * the credential set. */ void (*clear_secrets)(mem_cred_t *this); /** ->>>>>>> upstream/4.5.1 * Destroy a mem_cred_t. */ void (*destroy)(mem_cred_t *this); diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index 96b4630f7..2d13896d6 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -20,15 +20,6 @@ #include <utils/linked_list.h> #include <crypto/crypto_tester.h> -<<<<<<< HEAD -typedef struct entry_t entry_t; -struct entry_t { - /* algorithm */ - u_int algo; - /* benchmarked speed */ - u_int speed; - /* constructor */ -======= const char *default_plugin_name = "default"; typedef struct entry_t entry_t; @@ -52,7 +43,6 @@ struct entry_t { /** * constructor */ ->>>>>>> upstream/4.5.1 union { crypter_constructor_t create_crypter; aead_constructor_t create_aead; 
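Review bot: `const char *default_plugin_name = "default";` in crypto_factory.c defines a writable pointer with external linkage under a very generic name. If nothing outside this file refers to it, which the diff does not show, declaring it `static const char * const default_plugin_name = "default";` keeps it out of the library's symbol table and prevents it from being reassigned.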
@@ -154,12 +144,8 @@ METHOD(crypto_factory_t, create_crypter, crypter_t*, { if (this->test_on_create && !this->tester->test_crypter(this->tester, algo, key_size, -<<<<<<< HEAD - entry->create_crypter, NULL)) -======= entry->create_crypter, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -191,12 +177,8 @@ METHOD(crypto_factory_t, create_aead, aead_t*, { if (this->test_on_create && !this->tester->test_aead(this->tester, algo, key_size, -<<<<<<< HEAD - entry->create_aead, NULL)) -======= entry->create_aead, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -227,12 +209,8 @@ METHOD(crypto_factory_t, create_signer, signer_t*, { if (this->test_on_create && !this->tester->test_signer(this->tester, algo, -<<<<<<< HEAD - entry->create_signer, NULL)) -======= entry->create_signer, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -264,12 +242,8 @@ METHOD(crypto_factory_t, create_hasher, hasher_t*, { if (this->test_on_create && algo != HASH_PREFERRED && !this->tester->test_hasher(this->tester, algo, -<<<<<<< HEAD - entry->create_hasher, NULL)) -======= entry->create_hasher, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -300,12 +274,8 @@ METHOD(crypto_factory_t, create_prf, prf_t*, { if (this->test_on_create && !this->tester->test_prf(this->tester, algo, -<<<<<<< HEAD - entry->create_prf, NULL)) -======= entry->create_prf, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -337,12 +307,8 @@ METHOD(crypto_factory_t, create_rng, rng_t*, { if (this->test_on_create && !this->tester->test_rng(this->tester, quality, -<<<<<<< HEAD - entry->create_rng, NULL)) -======= entry->create_rng, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } 
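Review bot: The test-on-create path in create_crypter passes `default_plugin_name` to the tester although each entry now records the plugin that registered it (`.plugin_name = plugin_name` in add_entry). If the tester uses that argument for its result message, a failing self-test at creation time would be attributed to "default" rather than to the plugin that supplied the constructor. Passing the stored name, `entry->create_crypter, NULL, entry->plugin_name))`, keeps the attribution consistent with the test-on-add path. The same applies to create_aead, create_signer, create_hasher, create_prf and create_rng in the following hunks. All of these bodies start outside their hunks.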
@@ -406,12 +372,8 @@ METHOD(crypto_factory_t, create_dh, diffie_hellman_t*, * Insert an algorithm entry to a list */ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, -<<<<<<< HEAD - int algo, u_int speed, void *create) -======= int algo, const char *plugin_name, u_int speed, void *create) ->>>>>>> upstream/4.5.1 { entry_t *entry, *current; linked_list_t *tmp; @@ -419,10 +381,7 @@ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, INIT(entry, .algo = algo, -<<<<<<< HEAD -======= .plugin_name = plugin_name, ->>>>>>> upstream/4.5.1 .speed = speed, ); entry->create = create; @@ -456,27 +415,16 @@ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, } METHOD(crypto_factory_t, add_crypter, void, -<<<<<<< HEAD - private_crypto_factory_t *this, encryption_algorithm_t algo, - crypter_constructor_t create) -======= private_crypto_factory_t *this, encryption_algorithm_t algo, const char *plugin_name, crypter_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_crypter(this->tester, algo, 0, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->crypters, algo, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->crypters, algo, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } 
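Review bot: add_entry stores the caller's `plugin_name` pointer as-is (`.plugin_name = plugin_name`), and the enumerator filter functions later hand that same pointer out. Nothing copies the string, so it has to stay valid for as long as the algorithm is registered; a name that lives in memory freed when a plugin is unloaded would leave a dangling pointer in the list. The header should state the requirement, e.g. `@param plugin_name plugin that registered this algorithm, must outlive the registration`, on each add_* method in crypto_factory.h. add_entry's body continues outside the hunk.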
@@ -501,27 +449,16 @@ METHOD(crypto_factory_t, remove_crypter, void, } METHOD(crypto_factory_t, add_aead, void, -<<<<<<< HEAD - private_crypto_factory_t *this, encryption_algorithm_t algo, - aead_constructor_t create) -======= private_crypto_factory_t *this, encryption_algorithm_t algo, const char *plugin_name, aead_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_aead(this->tester, algo, 0, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->aeads, algo, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->aeads, algo, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } @@ -546,27 +483,16 @@ METHOD(crypto_factory_t, remove_aead, void, } METHOD(crypto_factory_t, add_signer, void, -<<<<<<< HEAD - private_crypto_factory_t *this, integrity_algorithm_t algo, - signer_constructor_t create) -======= private_crypto_factory_t *this, integrity_algorithm_t algo, const char *plugin_name, signer_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_signer(this->tester, algo, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->signers, algo, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->signers, algo, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } 
@@ -591,27 +517,16 @@ METHOD(crypto_factory_t, remove_signer, void, } METHOD(crypto_factory_t, add_hasher, void, -<<<<<<< HEAD - private_crypto_factory_t *this, hash_algorithm_t algo, - hasher_constructor_t create) -======= private_crypto_factory_t *this, hash_algorithm_t algo, const char *plugin_name, hasher_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_hasher(this->tester, algo, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->hashers, algo, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->hashers, algo, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } @@ -636,27 +551,16 @@ METHOD(crypto_factory_t, remove_hasher, void, } METHOD(crypto_factory_t, add_prf, void, -<<<<<<< HEAD - private_crypto_factory_t *this, pseudo_random_function_t algo, - prf_constructor_t create) -======= private_crypto_factory_t *this, pseudo_random_function_t algo, const char *plugin_name, prf_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_prf(this->tester, algo, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->prfs, algo, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->prfs, algo, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } 
@@ -682,25 +586,15 @@ METHOD(crypto_factory_t, remove_prf, void, METHOD(crypto_factory_t, add_rng, void, private_crypto_factory_t *this, rng_quality_t quality, -<<<<<<< HEAD - rng_constructor_t create) -======= const char *plugin_name, rng_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_rng(this->tester, quality, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->rngs, quality, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->rngs, quality, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } @@ -725,17 +619,10 @@ METHOD(crypto_factory_t, remove_rng, void, } METHOD(crypto_factory_t, add_dh, void, -<<<<<<< HEAD - private_crypto_factory_t *this, diffie_hellman_group_t group, - dh_constructor_t create) -{ - add_entry(this, this->dhs, group, 0, create); -======= private_crypto_factory_t *this, diffie_hellman_group_t group, const char *plugin_name, dh_constructor_t create) { add_entry(this, this->dhs, group, plugin_name, 0, create); ->>>>>>> upstream/4.5.1 } METHOD(crypto_factory_t, remove_dh, void, @@ -797,17 +684,11 @@ static enumerator_t *create_enumerator(private_crypto_factory_t *this, /** * Filter function to enumerate algorithm, not entry */ -<<<<<<< HEAD -static bool crypter_filter(void *n, entry_t **entry, encryption_algorithm_t *algo) -{ - *algo = (*entry)->algo; -======= static bool crypter_filter(void *n, entry_t **entry, encryption_algorithm_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; ->>>>>>> upstream/4.5.1 return TRUE; } 
@@ -826,17 +707,11 @@ METHOD(crypto_factory_t, create_aead_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ -<<<<<<< HEAD -static bool signer_filter(void *n, entry_t **entry, integrity_algorithm_t *algo) -{ - *algo = (*entry)->algo; -======= static bool signer_filter(void *n, entry_t **entry, integrity_algorithm_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; ->>>>>>> upstream/4.5.1 return TRUE; } @@ -849,17 +724,11 @@ METHOD(crypto_factory_t, create_signer_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ -<<<<<<< HEAD -static bool hasher_filter(void *n, entry_t **entry, hash_algorithm_t *algo) -{ - *algo = (*entry)->algo; -======= static bool hasher_filter(void *n, entry_t **entry, hash_algorithm_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; ->>>>>>> upstream/4.5.1 return TRUE; } @@ -872,17 +741,11 @@ METHOD(crypto_factory_t, create_hasher_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ -<<<<<<< HEAD -static bool prf_filter(void *n, entry_t **entry, pseudo_random_function_t *algo) -{ - *algo = (*entry)->algo; -======= static bool prf_filter(void *n, entry_t **entry, pseudo_random_function_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; ->>>>>>> upstream/4.5.1 return TRUE; } @@ -895,17 +758,11 @@ METHOD(crypto_factory_t, create_prf_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ -<<<<<<< HEAD -static bool dh_filter(void *n, entry_t **entry, diffie_hellman_group_t *group) -{ - *group = (*entry)->algo; -======= static bool dh_filter(void *n, entry_t **entry, diffie_hellman_group_t *group, void *i2, const char **plugin_name) { *group = (*entry)->algo; *plugin_name = (*entry)->plugin_name; ->>>>>>> upstream/4.5.1 return TRUE; } 
@@ -915,8 +772,6 @@ METHOD(crypto_factory_t, create_dh_enumerator, enumerator_t*, return create_enumerator(this, this->dhs, dh_filter); } -<<<<<<< HEAD -======= /** * Filter function to enumerate algorithm, not entry */ @@ -933,7 +788,6 @@ METHOD(crypto_factory_t, create_rng_enumerator, enumerator_t*, { return create_enumerator(this, this->rngs, rng_filter); } ->>>>>>> upstream/4.5.1 METHOD(crypto_factory_t, add_test_vector, void, private_crypto_factory_t *this, transform_type_t type, void *vector) { @@ -1008,10 +862,7 @@ crypto_factory_t *crypto_factory_create() .create_hasher_enumerator = _create_hasher_enumerator, .create_prf_enumerator = _create_prf_enumerator, .create_dh_enumerator = _create_dh_enumerator, -<<<<<<< HEAD -======= .create_rng_enumerator = _create_rng_enumerator, ->>>>>>> upstream/4.5.1 .add_test_vector = _add_test_vector, .destroy = _destroy, }, diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h index 61c46b59c..8e5db6355 100644 --- a/src/libstrongswan/crypto/crypto_factory.h +++ b/src/libstrongswan/crypto/crypto_factory.h @@ -33,11 +33,8 @@ typedef struct crypto_factory_t crypto_factory_t; #include <crypto/diffie_hellman.h> #include <crypto/transform.h> -<<<<<<< HEAD -======= #define CRYPTO_MAX_ALG_LINE 120 /* characters */ ->>>>>>> upstream/4.5.1 /** * Constructor function for crypters */ @@ -149,19 +146,12 @@ struct crypto_factory_t { * Register a crypter constructor. * * @param algo algorithm to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_crypter)(crypto_factory_t *this, encryption_algorithm_t algo, -<<<<<<< HEAD - crypter_constructor_t create); -======= const char *plugin_name, crypter_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a crypter constructor. 
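Review bot: The new `@param plugin_name plugin that registered this algorithm` line for `add_crypter` does not say who owns the string. The filter functions in crypto_factory.c return `(*entry)->plugin_name` to enumerator callers, so if `add_entry` keeps the caller's pointer rather than a copy (not visible in this diff), a plugin that unregisters or unloads while the name is still referenced would leave a dangling pointer. I would state the contract in the doc, for example `@param plugin_name plugin that registered this algorithm, must stay valid until the constructor is removed`. The same applies to the `add_aead`, `add_signer`, `add_hasher`, `add_prf`, `add_rng` and `add_dh` hunks.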
@@ -181,37 +171,23 @@ struct crypto_factory_t { * Register a aead constructor. * * @param algo algorithm to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_aead)(crypto_factory_t *this, encryption_algorithm_t algo, -<<<<<<< HEAD - aead_constructor_t create); -======= const char *plugin_name, aead_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Register a signer constructor. * * @param algo algorithm to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_signer)(crypto_factory_t *this, integrity_algorithm_t algo, -<<<<<<< HEAD - signer_constructor_t create); -======= const char *plugin_name, signer_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a signer constructor. @@ -227,19 +203,12 @@ struct crypto_factory_t { * create_hasher(HASH_PREFERRED). * * @param algo algorithm to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_hasher)(crypto_factory_t *this, hash_algorithm_t algo, -<<<<<<< HEAD - hasher_constructor_t create); -======= const char *plugin_name, hasher_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a hasher constructor. 
@@ -252,19 +221,12 @@ struct crypto_factory_t { * Register a prf constructor. * * @param algo algorithm to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_prf)(crypto_factory_t *this, pseudo_random_function_t algo, -<<<<<<< HEAD - prf_constructor_t create); -======= const char *plugin_name, prf_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a prf constructor. @@ -277,17 +239,11 @@ struct crypto_factory_t { * Register a source of randomness. * * @param quality quality of randomness this RNG serves -<<<<<<< HEAD - * @param create constructor function for such a quality - */ - void (*add_rng)(crypto_factory_t *this, rng_quality_t quality, rng_constructor_t create); -======= * @param plugin_name plugin that registered this algorithm * @param create constructor function for such a quality */ void (*add_rng)(crypto_factory_t *this, rng_quality_t quality, const char *plugin_name, rng_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a source of randomness. @@ -300,19 +256,12 @@ struct crypto_factory_t { * Register a diffie hellman constructor. * * @param group dh group to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_dh)(crypto_factory_t *this, diffie_hellman_group_t group, -<<<<<<< HEAD - dh_constructor_t create); -======= const char *plugin_name, dh_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a diffie hellman constructor. @@ -364,8 +313,6 @@ struct crypto_factory_t { enumerator_t* (*create_dh_enumerator)(crypto_factory_t *this); /** -<<<<<<< HEAD -======= * Create an enumerator over all registered random generators. * * @return enumerator over rng_quality_t 
@@ -373,7 +320,6 @@ struct crypto_factory_t { enumerator_t* (*create_rng_enumerator)(crypto_factory_t *this); /** ->>>>>>> upstream/4.5.1 * Add a test vector to the crypto factory. * * @param type type of the test vector diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index d4a8728e2..4635dccea 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -165,11 +165,7 @@ static u_int bench_crypter(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_crypter, bool, private_crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, -<<<<<<< HEAD - crypter_constructor_t create, u_int *speed) -======= crypter_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; crypter_test_vector_t *vector; @@ -192,15 +188,11 @@ METHOD(crypto_tester_t, test_crypter, bool, } crypter = create(alg, vector->key_size); if (!crypter) -<<<<<<< HEAD - { /* key size not supported... */ -======= { DBG1(DBG_LIB, "%N[%s]: %u bit key size not supported", encryption_algorithm_names, alg, plugin_name, BITS_PER_BYTE * vector->key_size); failed = TRUE; ->>>>>>> upstream/4.5.1 continue; } 
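Review bot: In `test_crypter`, the new `failed = TRUE; continue;` after a NULL `create(alg, vector->key_size)` leaves `failed` set when that vector is the last one enumerated for the algorithm. The later hunks show the function ending in `return !failed;` with `if (!tested)` skipped once any earlier vector passed, so an implementation that supports only some key sizes appears to be rejected without a "disabled" log line. If that is not intended, track the unsupported case separately, e.g. `unsupported = TRUE; continue;`, and consult it only in the `!tested` branch. The rest of the loop body is outside this hunk, so confirm where `failed` is reset. The `test_aead` hunk at `@@ -382,15 +348,11 @@` has the same pattern.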
@@ -243,30 +235,19 @@ METHOD(crypto_tester_t, test_crypter, bool, crypter->destroy(crypter); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - encryption_algorithm_names, alg, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", encryption_algorithm_names, alg, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? "disabled" : "enabled ", - encryption_algorithm_names, alg); - return !this->required; -======= if (failed) { DBG1(DBG_LIB,"disable %N[%s]: no key size supported", encryption_algorithm_names, alg, plugin_name); - return FALSE; + return FALSE; } else { @@ -275,30 +256,19 @@ METHOD(crypto_tester_t, test_crypter, bool, encryption_algorithm_names, alg, plugin_name); return !this->required; } ->>>>>>> upstream/4.5.1 } if (!failed) { if (speed) { *speed = bench_crypter(this, alg, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - encryption_algorithm_names, alg, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - encryption_algorithm_names, alg, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", - encryption_algorithm_names, alg, tested, plugin_name, *speed); + encryption_algorithm_names, alg, plugin_name, tested, *speed); } else { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", encryption_algorithm_names, alg, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; 
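Review bot: The new message `"disable %N[%s]: no key size supported"` uses "disable" where every other message in this function uses the prefix "disabled", and the call is written `DBG1(DBG_LIB,"disable` without the space used elsewhere. Anyone grepping the log for algorithms that were switched off would miss this case. I would write `DBG1(DBG_LIB, "disabled %N[%s]: no key size supported",`. The `test_aead` hunk at `@@ -443,30 +405,19 @@` carries the same string.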
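Review bot: The benchmark result is printed with `%d` although `speed` is declared `u_int *speed`, so `*speed` is unsigned and the conversion does not match the argument type. The format should be `"enabled %N[%s]: passed %u test vectors, %u points"`. The same `%d points` format appears in the `test_aead`, `test_signer`, `test_hasher`, `test_prf` and `test_rng` hunks further down.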
@@ -354,11 +324,7 @@ static u_int bench_aead(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_aead, bool, private_crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, -<<<<<<< HEAD - aead_constructor_t create, u_int *speed) -======= aead_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; aead_test_vector_t *vector; @@ -382,15 +348,11 @@ METHOD(crypto_tester_t, test_aead, bool, } aead = create(alg, vector->key_size); if (!aead) -<<<<<<< HEAD - { /* key size not supported... */ -======= { DBG1(DBG_LIB, "%N[%s]: %u bit key size not supported", encryption_algorithm_names, alg, plugin_name, BITS_PER_BYTE * vector->key_size); failed = TRUE; ->>>>>>> upstream/4.5.1 continue; } @@ -443,30 +405,19 @@ METHOD(crypto_tester_t, test_aead, bool, aead->destroy(aead); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - encryption_algorithm_names, alg, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", encryption_algorithm_names, alg, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? "disabled" : "enabled ", - encryption_algorithm_names, alg); - return !this->required; -======= if (failed) { DBG1(DBG_LIB,"disable %N[%s]: no key size supported", encryption_algorithm_names, alg, plugin_name); - return FALSE; + return FALSE; } else { 
@@ -475,22 +426,12 @@ METHOD(crypto_tester_t, test_aead, bool, encryption_algorithm_names, alg, plugin_name); return !this->required; } ->>>>>>> upstream/4.5.1 } if (!failed) { if (speed) { *speed = bench_aead(this, alg, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - encryption_algorithm_names, alg, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - encryption_algorithm_names, alg, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", encryption_algorithm_names, alg, plugin_name, tested, *speed); } @@ -498,7 +439,6 @@ METHOD(crypto_tester_t, test_aead, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", encryption_algorithm_names, alg, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; @@ -546,11 +486,7 @@ static u_int bench_signer(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_signer, bool, private_crypto_tester_t *this, integrity_algorithm_t alg, -<<<<<<< HEAD - signer_constructor_t create, u_int *speed) -======= signer_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; signer_test_vector_t *vector; @@ -572,13 +508,8 @@ METHOD(crypto_tester_t, test_signer, bool, signer = create(alg); if (!signer) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: creating instance failed", - integrity_algorithm_names, alg); -======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", integrity_algorithm_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 failed = TRUE; break; } 
@@ -633,28 +564,17 @@ METHOD(crypto_tester_t, test_signer, bool, signer->destroy(signer); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - integrity_algorithm_names, alg, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", integrity_algorithm_names, alg, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? "disabled" : "enabled ", - integrity_algorithm_names, alg); -======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? "disabled" : "enabled ", integrity_algorithm_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -662,15 +582,6 @@ METHOD(crypto_tester_t, test_signer, bool, if (speed) { *speed = bench_signer(this, alg, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - integrity_algorithm_names, alg, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - integrity_algorithm_names, alg, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", integrity_algorithm_names, alg, plugin_name, tested, *speed); } @@ -678,7 +589,6 @@ METHOD(crypto_tester_t, test_signer, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", integrity_algorithm_names, alg, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; @@ -720,11 +630,7 @@ static u_int bench_hasher(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_hasher, bool, private_crypto_tester_t *this, hash_algorithm_t alg, -<<<<<<< HEAD - hasher_constructor_t create, u_int *speed) -======= hasher_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; hasher_test_vector_t *vector; 
@@ -746,13 +652,8 @@ METHOD(crypto_tester_t, test_hasher, bool, hasher = create(alg); if (!hasher) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: creating instance failed", - hash_algorithm_names, alg); -======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", hash_algorithm_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -794,28 +695,17 @@ METHOD(crypto_tester_t, test_hasher, bool, hasher->destroy(hasher); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - hash_algorithm_names, alg, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", hash_algorithm_names, alg, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? "disabled" : "enabled ", - hash_algorithm_names, alg); -======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? "disabled" : "enabled ", hash_algorithm_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -823,15 +713,6 @@ METHOD(crypto_tester_t, test_hasher, bool, if (speed) { *speed = bench_hasher(this, alg, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - hash_algorithm_names, alg, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - hash_algorithm_names, alg, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", hash_algorithm_names, alg, plugin_name, tested, *speed); } @@ -839,7 +720,6 @@ METHOD(crypto_tester_t, test_hasher, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", hash_algorithm_names, alg, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; 
@@ -881,11 +761,7 @@ static u_int bench_prf(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_prf, bool, private_crypto_tester_t *this, pseudo_random_function_t alg, -<<<<<<< HEAD - prf_constructor_t create, u_int *speed) -======= prf_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; prf_test_vector_t *vector; @@ -907,13 +783,8 @@ METHOD(crypto_tester_t, test_prf, bool, prf = create(alg); if (!prf) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: creating instance failed", - pseudo_random_function_names, alg); -======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", pseudo_random_function_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -966,28 +837,17 @@ METHOD(crypto_tester_t, test_prf, bool, prf->destroy(prf); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - pseudo_random_function_names, alg, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", pseudo_random_function_names, alg, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? "disabled" : "enabled ", - pseudo_random_function_names, alg); -======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? "disabled" : "enabled ", pseudo_random_function_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 return !this->required; } if (!failed) 
@@ -995,15 +855,6 @@ METHOD(crypto_tester_t, test_prf, bool, if (speed) { *speed = bench_prf(this, alg, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - pseudo_random_function_names, alg, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - pseudo_random_function_names, alg, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", pseudo_random_function_names, alg, plugin_name, tested, *speed); } @@ -1011,7 +862,6 @@ METHOD(crypto_tester_t, test_prf, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", pseudo_random_function_names, alg, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; @@ -1050,11 +900,7 @@ static u_int bench_rng(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_rng, bool, private_crypto_tester_t *this, rng_quality_t quality, -<<<<<<< HEAD - rng_constructor_t create, u_int *speed) -======= rng_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; rng_test_vector_t *vector; @@ -1063,13 +909,8 @@ METHOD(crypto_tester_t, test_rng, bool, if (!this->rng_true && quality == RNG_TRUE) { -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: skipping test (disabled by config)", - rng_quality_names, quality); -======= DBG1(DBG_LIB, "enabled %N[%s]: skipping test (disabled by config)", rng_quality_names, quality, plugin_name); ->>>>>>> upstream/4.5.1 return TRUE; } @@ -1088,13 +929,8 @@ METHOD(crypto_tester_t, test_rng, bool, rng = create(quality); if (!rng) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: creating instance failed", - rng_quality_names, quality); -======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", rng_quality_names, quality, plugin_name); ->>>>>>> upstream/4.5.1 failed = TRUE; break; } 
@@ -1123,28 +959,17 @@ METHOD(crypto_tester_t, test_rng, bool, rng->destroy(rng); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - rng_quality_names, quality, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", rng_quality_names, quality, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? ", disabled" : "enabled ", - rng_quality_names, quality); -======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? ", disabled" : "enabled ", rng_quality_names, quality, plugin_name); ->>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -1152,15 +977,6 @@ METHOD(crypto_tester_t, test_rng, bool, if (speed) { *speed = bench_rng(this, quality, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - rng_quality_names, quality, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - rng_quality_names, quality, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", rng_quality_names, quality, plugin_name, tested, *speed); } @@ -1168,7 +984,6 @@ METHOD(crypto_tester_t, test_rng, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", rng_quality_names, quality, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h index 1354bec52..9ac665929 100644 --- a/src/libstrongswan/crypto/crypto_tester.h +++ b/src/libstrongswan/crypto/crypto_tester.h @@ -72,7 +72,7 @@ struct aead_test_vector_t { struct signer_test_vector_t { /** signer algorithm this test vector tests */ - pseudo_random_function_t alg; + integrity_algorithm_t alg; /** key to use, with a length the algorithm expects */ u_char *key; /** size of the input data */ 
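Review bot: In `test_rng` the "no test vectors found" message selects `this->required ? ", disabled" : "enabled "`, so a required-but-untested RNG is logged as `, disabled %N[%s]: ...` with a stray leading comma. Every other `test_*` function uses `"disabled"` there, and an RNG being switched off is exactly the line an operator needs to find. I would make it `this->required ? "disabled" : "enabled ",` while these lines are being touched.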
@@ -143,11 +143,7 @@ struct crypto_tester_t { */ bool (*test_crypter)(crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, crypter_constructor_t create, -<<<<<<< HEAD - u_int *speed); -======= u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Test an aead algorithm, optionally using a specified key size. @@ -160,11 +156,7 @@ struct crypto_tester_t { */ bool (*test_aead)(crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, aead_constructor_t create, -<<<<<<< HEAD - u_int *speed); -======= u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Test a signer algorithm. * @@ -174,12 +166,8 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_signer)(crypto_tester_t *this, integrity_algorithm_t alg, -<<<<<<< HEAD - signer_constructor_t create, u_int *speed); -======= signer_constructor_t create, u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Test a hasher algorithm. * @@ -189,12 +177,8 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_hasher)(crypto_tester_t *this, hash_algorithm_t alg, -<<<<<<< HEAD - hasher_constructor_t create, u_int *speed); -======= hasher_constructor_t create, u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Test a PRF algorithm. * @@ -204,12 +188,8 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_prf)(crypto_tester_t *this, pseudo_random_function_t alg, -<<<<<<< HEAD - prf_constructor_t create, u_int *speed); -======= prf_constructor_t create, u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Test a RNG implementation. * 
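Review bot: `test_crypter` gains a `const char *plugin_name` argument, but its doc comment gets no matching `@param` entry; the `@param` list sits above the hunk and is not touched by this diff. I would add `@param plugin_name name of the plugin providing the implementation, used in log messages` after the `speed` entry. The same line is missing for `test_aead`, `test_signer`, `test_hasher` and `test_prf` in the following hunks, and for `test_rng` in the next one. It is also worth stating whether NULL is accepted, since the implementations pass the value straight to a `%s` conversion.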
@@ -219,12 +199,8 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_rng)(crypto_tester_t *this, rng_quality_t quality, -<<<<<<< HEAD - rng_constructor_t create, u_int *speed); -======= rng_constructor_t create, u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Add a test vector to test a crypter. * diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c index 10ab9fc23..d65955a2e 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c @@ -59,12 +59,12 @@ struct proposal_token { u_int16_t keysize; }; -#define TOTAL_KEYWORDS 117 +#define TOTAL_KEYWORDS 119 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 #define MIN_HASH_VALUE 9 -#define MAX_HASH_VALUE 209 -/* maximum key range = 201, duplicates = 0 */ +#define MAX_HASH_VALUE 213 +/* maximum key range = 205, duplicates = 0 */ #ifdef __GNUC__ __inline 
@@ -80,32 +80,32 @@ hash (str, len) { static const unsigned char asso_values[] = { - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 16, 9, - 4, 41, 66, 19, 8, 4, 5, 3, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 122, 210, 3, 22, 21, - 3, 111, 103, 48, 7, 4, 210, 210, 3, 210, - 57, 3, 210, 210, 78, 6, 3, 28, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210 + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 14, 9, + 4, 34, 66, 19, 8, 4, 5, 3, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 131, 214, 3, 22, 21, + 3, 1, 101, 48, 3, 4, 214, 214, 3, 214, + 57, 4, 214, 214, 94, 6, 3, 32, 214, 214, + 214, 214, 214, 214, 214, 214, 
214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214 }; register int hval = len; @@ -143,14 +143,19 @@ hash (str, len) static const struct proposal_token wordlist[] = { {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, + {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, {"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0}, {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, + {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, + {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192}, {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128}, {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, + {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192}, {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, 
@@ -209,81 +214,79 @@ static const struct proposal_token wordlist[] = {"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, - {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, - {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, + {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, - {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, - {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, + {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, + {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, - {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, - {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, - {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, + {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, + {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, + {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0}, {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192}, {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128}, - {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, - {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 
192}, - {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, - {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, - {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, + {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, + {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0}, {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0}, - {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0}, - {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, - {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, - {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, - {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, + {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, + {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, {"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0}, + {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, + {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}, + {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, + {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, + {"sha2_256_96", INTEGRITY_ALGORITHM, 
AUTH_HMAC_SHA2_256_96, 0}, {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0}, - {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, - {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0} + {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}, + {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0} }; static const short lookup[] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, - 1, -1, -1, -1, -1, -1, 2, -1, -1, -1, - -1, 3, 4, -1, -1, -1, -1, -1, 5, 6, - 7, 8, -1, -1, -1, 9, 10, 11, 12, 13, - 14, 15, 16, 17, 18, 19, 20, 21, 22, -1, - -1, -1, -1, 23, 24, 25, 26, 27, 28, 29, - 30, -1, 31, -1, 32, 33, 34, 35, 36, 37, - 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, - 48, -1, 49, -1, 50, -1, 51, -1, 52, -1, - 53, -1, 54, 55, 56, 57, 58, 59, 60, 61, - 62, 63, 64, 65, 66, 67, 68, 69, -1, 70, - -1, 71, -1, 72, 73, 74, 75, 76, -1, 77, - 78, 79, 80, 81, -1, 82, 83, 84, 85, -1, - -1, 86, 87, 88, 89, 90, 91, 92, -1, -1, - 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, - 103, 104, -1, -1, -1, -1, -1, -1, 105, 106, - 107, 108, -1, -1, -1, -1, 109, -1, 110, -1, - -1, -1, -1, -1, 111, -1, -1, -1, -1, 112, - 113, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 1, 2, -1, -1, -1, -1, 3, 4, -1, -1, + -1, 5, 6, -1, -1, 7, -1, 8, 9, 10, + 11, 12, -1, 13, -1, 14, 15, 16, 17, 18, + 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, + -1, -1, -1, -1, 29, 30, 31, 32, 33, 34, + 35, -1, 36, -1, 37, 38, 39, 40, 41, 42, + 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, + 53, -1, 54, -1, 55, -1, 56, -1, 57, -1, + 58, -1, 59, 60, 61, 62, 63, 64, 65, 66, + 67, 68, 69, 70, 71, 72, -1, 73, -1, 74, + -1, 75, -1, 76, 77, 78, 79, 80, -1, 81, + 82, 83, 84, 85, -1, 86, 87, -1, 88, -1, + -1, 89, 90, -1, 91, -1, -1, 92, -1, 93, + 94, 95, 96, -1, 97, -1, 98, 99, 100, 101, + 102, 103, -1, -1, -1, 104, -1, -1, 105, 106, + -1, 107, -1, -1, -1, 108, 109, -1, -1, 110, + 111, -1, -1, -1, 112, 113, -1, 114, 115, -1, + -1, -1, -1, 
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 114, 115, -1, -1, -1, 116 + -1, -1, -1, -1, -1, 116, -1, -1, -1, 117, + -1, -1, -1, 118 }; #ifdef __GNUC__ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt index 208c6715b..4ef664d8f 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt @@ -146,3 +146,5 @@ ecp521, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0 modp1024s160, DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0 modp2048s224, DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0 modp2048s256, DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0 +noesn, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0 +esn, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0 diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c index cec90a616..1e108f1de 100644 --- a/src/libstrongswan/crypto/transform.c +++ b/src/libstrongswan/crypto/transform.c @@ -28,3 +28,8 @@ ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, "EXTENDED_SEQUENCE_NUMBERS"); ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS); + +ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS, + "NO_EXT_SEQ", + "EXT_SEQ", +); diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h index 1a2660199..1393c674c 100644 --- a/src/libstrongswan/crypto/transform.h +++ b/src/libstrongswan/crypto/transform.h @@ -45,4 +45,17 @@ enum transform_type_t { */ extern enum_name_t *transform_type_names; +/** + * Extended sequence numbers, as in IKEv2 RFC 3.3.2. + */ +enum extended_sequence_numbers_t { + NO_EXT_SEQ_NUMBERS = 0, + EXT_SEQ_NUMBERS = 1 +}; + +/** + * enum strings for extended_sequence_numbers_t. + */ +extern enum_name_t *extended_sequence_numbers_names; + #endif /** TRANSFORM_H_ @}*/ 
diff --git a/src/libstrongswan/eap/eap.c b/src/libstrongswan/eap/eap.c index 71734017a..11b475d8f 100644 --- a/src/libstrongswan/eap/eap.c +++ b/src/libstrongswan/eap/eap.c @@ -44,11 +44,15 @@ ENUM_NEXT(eap_type_names, EAP_TTLS, EAP_TTLS, EAP_SIM, "EAP_TTLS"); ENUM_NEXT(eap_type_names, EAP_AKA, EAP_AKA, EAP_TTLS, "EAP_AKA"); -ENUM_NEXT(eap_type_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA, +ENUM_NEXT(eap_type_names, EAP_PEAP, EAP_MSCHAPV2, EAP_AKA, + "EAP_PEAP", "EAP_MSCHAPV2"); -ENUM_NEXT(eap_type_names, EAP_TNC, EAP_TNC, EAP_MSCHAPV2, +ENUM_NEXT(eap_type_names, EAP_MSTLV, EAP_MSTLV, EAP_MSCHAPV2, + "EAP_MSTLV"); +ENUM_NEXT(eap_type_names, EAP_TNC, EAP_TNC, EAP_MSTLV, "EAP_TNC"); -ENUM_NEXT(eap_type_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_TNC, +ENUM_NEXT(eap_type_names, EAP_DYNAMIC, EAP_EXPERIMENTAL, EAP_TNC, + "EAP_DYNAMIC", "EAP_RADIUS", "EAP_EXPANDED", "EAP_EXPERIMENTAL"); @@ -69,11 +73,15 @@ ENUM_NEXT(eap_type_short_names, EAP_TTLS, EAP_TTLS, EAP_SIM, "TTLS"); ENUM_NEXT(eap_type_short_names, EAP_AKA, EAP_AKA, EAP_TTLS, "AKA"); -ENUM_NEXT(eap_type_short_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA, +ENUM_NEXT(eap_type_short_names, EAP_PEAP, EAP_MSCHAPV2, EAP_AKA, + "PEAP", "MSCHAPV2"); -ENUM_NEXT(eap_type_short_names, EAP_TNC, EAP_TNC, EAP_MSCHAPV2, +ENUM_NEXT(eap_type_short_names, EAP_MSTLV, EAP_MSTLV, EAP_MSCHAPV2, + "MSTLV"); +ENUM_NEXT(eap_type_short_names, EAP_TNC, EAP_TNC, EAP_MSTLV, "TNC"); -ENUM_NEXT(eap_type_short_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_TNC, +ENUM_NEXT(eap_type_short_names, EAP_DYNAMIC, EAP_EXPERIMENTAL, EAP_TNC, + "DYN", "RAD", "EXP", "XP"); @@ -115,6 +123,7 @@ eap_type_t eap_type_from_string(char *name) {"ttls", EAP_TTLS}, {"sim", EAP_SIM}, {"aka", EAP_AKA}, + {"peap", EAP_PEAP}, {"mschapv2", EAP_MSCHAPV2}, {"tnc", EAP_TNC}, {"radius", EAP_RADIUS}, diff --git a/src/libstrongswan/eap/eap.h b/src/libstrongswan/eap/eap.h index cb28d4e2d..945e4bc59 100644 --- a/src/libstrongswan/eap/eap.h +++ b/src/libstrongswan/eap/eap.h 
@@ -60,8 +60,12 @@ enum eap_type_t { EAP_SIM = 18, EAP_TTLS = 21, EAP_AKA = 23, + EAP_PEAP = 25, EAP_MSCHAPV2 = 26, + EAP_MSTLV = 33, EAP_TNC = 38, + /** select EAP method dynamically based on i.e. EAP-Identity */ + EAP_DYNAMIC = 252, /** not a method, but an implementation providing different methods */ EAP_RADIUS = 253, EAP_EXPANDED = 254, @@ -79,14 +83,21 @@ extern enum_name_t *eap_type_names; extern enum_name_t *eap_type_short_names; /** + * EAP packet format + */ +typedef struct __attribute__((packed)) { + u_int8_t code; + u_int8_t identifier; + u_int16_t length; + u_int8_t type; + u_int8_t data; +} eap_packet_t; + +/** * Lookup the EAP method type from a string. * * @param name EAP method name (such as "md5", "aka") -<<<<<<< HEAD - * @return method type, 0 if unkown -======= * @return method type, 0 if unknown ->>>>>>> upstream/4.5.1 */ eap_type_t eap_type_from_string(char *name); diff --git a/src/libstrongswan/enum.c b/src/libstrongswan/enum.c index df6a73a81..5c811bd17 100644 --- a/src/libstrongswan/enum.c +++ b/src/libstrongswan/enum.c @@ -43,11 +43,7 @@ int enum_from_name(enum_name_t *e, char *name) { do { -<<<<<<< HEAD - int i, count = e->last - e->first; -======= int i, count = e->last - e->first + 1; ->>>>>>> upstream/4.5.1 for (i = 0; i < count; i++) { diff --git a/src/libstrongswan/fetcher/fetcher.c b/src/libstrongswan/fetcher/fetcher.c new file mode 100644 index 000000000..ca5a72165 --- /dev/null +++ b/src/libstrongswan/fetcher/fetcher.c 
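Review bot: The new `eap_packet_t` in the second eap.h hunk has no per-field documentation, and two things a parser needs are left unstated. On the wire the EAP `length` field is in network byte order, and Success/Failure packets end after the four-byte code/identifier/length header, so `type` and `data` are not always present. Code that overlays this packed struct on a received buffer has to check the received size before reading `type`, and the header is the natural place to say so. I would add `u_int16_t length; /**< total packet length, network byte order */` and `u_int8_t data; /**< first byte of type data, only valid if length > 5 */`, plus a sentence in the struct comment that `type` is only valid for packets longer than four bytes.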
@@ -0,0 +1,33 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "fetcher.h" + +/** + * See header. + */ +bool fetcher_default_callback(void *userdata, chunk_t chunk) +{ + chunk_t *accu = userdata; + + accu->ptr = realloc(accu->ptr, accu->len + chunk.len); + if (accu->ptr) + { + memcpy(&accu->ptr[accu->len], chunk.ptr, chunk.len); + accu->len += chunk.len; + return TRUE; + } + return FALSE; +} diff --git a/src/libstrongswan/fetcher/fetcher.h b/src/libstrongswan/fetcher/fetcher.h index f312206bb..5b734da3d 100644 --- a/src/libstrongswan/fetcher/fetcher.h +++ b/src/libstrongswan/fetcher/fetcher.h @@ -1,6 +1,7 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2011 Martin Willi * Hochschule fuer Technik Rapperswil + * Copyright (C) 2011 revosec AG * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
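Review bot: In `fetcher_default_callback` the result of `realloc()` is assigned straight back to `accu->ptr`, so on allocation failure the data accumulated so far is leaked and the caller's chunk is left with a NULL `ptr` and a non-zero `len`. The size `accu->len + chunk.len` is also computed without a wrap check (assuming `len` is an unsigned `size_t`), and nothing caps the total, so memory use is presumably dictated by whatever the remote end delivers. Keeping the old pointer until the new one is known good and refusing a wrapping sum fixes the first two. A maximum response size would need a limit supplied by the caller, which this file does not have.

```c
bool fetcher_default_callback(void *userdata, chunk_t chunk)
{
	chunk_t *accu = userdata;
	void *grown;

	if (accu->len + chunk.len < accu->len)
	{	/* size wrapped around, refuse instead of under-allocating */
		return FALSE;
	}
	grown = realloc(accu->ptr, accu->len + chunk.len);
	if (!grown)
	{	/* accu->ptr/len still describe the data received so far */
		return FALSE;
	}
	accu->ptr = grown;
	memcpy(&accu->ptr[accu->len], chunk.ptr, chunk.len);
	accu->len += chunk.len;
	return TRUE;
}
```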
@@ -25,6 +26,23 @@ typedef struct fetcher_t fetcher_t; typedef enum fetcher_option_t fetcher_option_t; #include <stdarg.h> +#include <chunk.h> + +/** + * Constructor function which creates fetcher instances. + * + * @return fetcher instance + */ +typedef fetcher_t* (*fetcher_constructor_t)(); + +/** + * Callback function used with FETCH_CALLBACK. + * + * @param userdata userdata passed to fetcher_t.fetch() + * @param chunk chunk with next chunk of data + * @return TRUE to continue with transfer, FALSE to abort + */ +typedef bool (*fetcher_callback_t)(void *userdata, chunk_t chunk); #include <library.h> @@ -64,19 +82,20 @@ enum fetcher_option_t { FETCH_TIMEOUT, /** + * Callback to invoke with each chunk of data. + * Additional argument fetch_callback_t. + * If this option is not given, the fetcher_default_callback is used, + * which accumulates the data into an allocated chunk. + */ + FETCH_CALLBACK, + + /** * end of fetching options */ FETCH_END, }; /** - * Constructor function which creates fetcher instances. - * - * @return fetcher instance - */ -typedef fetcher_t* (*fetcher_constructor_t)(); - -/** * Fetcher interface, an implementation fetches data from an URL. */ struct fetcher_t { 
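Review bot: The `FETCH_CALLBACK` comment in the second hunk names the argument type as `fetch_callback_t`, but the typedef added in the first hunk is `fetcher_callback_t`. Since the option is read with `va_arg`, the comment is the only place a caller learns which type to pass, so it should read `Additional argument fetcher_callback_t.` The comment could also state that the callback receives the `userdata` pointer given to fetch() unchanged.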
@@ -87,15 +106,18 @@ struct fetcher_t { * The fetcher returns NOT_SUPPORTED to indicate that it is uncappable * to handle such URLs. Other return values indicate a failure, and * fetching of that URL gets cancelled. + * If no FETCH_CALLBACK function is set as option, userdata must be + * a chunk_t*. This chunk gets allocated, accumulated data using the + * fetcher_default_callback() function. * * @param uri URI to fetch from - * @param result chunk which receives allocated data + * @param userdata userdata to pass to callback function. * @return * - SUCCESS if fetch was successful * - NOT_SUPPORTED if fetcher does not support such URLs * - FAILED, NOT_FOUND, PARSE_ERROR on failure */ - status_t (*fetch)(fetcher_t *this, char *uri, chunk_t *result); + status_t (*fetch)(fetcher_t *this, char *uri, void *userdata); /** * Set a fetcher option, as defined in fetcher_option_t. @@ -114,4 +136,13 @@ struct fetcher_t { void (*destroy)(fetcher_t *this); }; +/** + * Default fetcher callback function, accumulates data to a chunk. + * + * @param userdata chunk for allocated data, empty on first invocation + * @param chunk current chunk of data + * @return FALSE if chunk too large to allocate + */ +bool fetcher_default_callback(void *userdata, chunk_t chunk); + #endif /** FETCHER_H_ @}*/ diff --git a/src/libstrongswan/fetcher/fetcher_manager.c b/src/libstrongswan/fetcher/fetcher_manager.c index 2c5f5f688..9b363c7eb 100644 --- a/src/libstrongswan/fetcher/fetcher_manager.c +++ b/src/libstrongswan/fetcher/fetcher_manager.c @@ -58,11 +58,8 @@ static void entry_destroy(entry_t *entry) free(entry); } -/** - * Implementation of fetcher_manager_t.fetch. - */ -static status_t fetch(private_fetcher_manager_t *this, - char *url, chunk_t *response, ...) +METHOD(fetcher_manager_t, fetch, status_t, + private_fetcher_manager_t *this, char *url, void *userdata, ...) { enumerator_t *enumerator; status_t status = NOT_SUPPORTED; 
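Review bot: The new `fetch()` comment says the `chunk_t*` "gets allocated" but not that it must be empty on entry. `fetcher_default_callback()` passes `accu->ptr` to `realloc()` and appends at `accu->len`, so an uninitialised chunk would reach the allocator as is. With the parameter now `void *userdata`, the compiler no longer checks the pointer type. I would add `userdata must point to a chunk_t initialized to chunk_empty` to the comment, and state who frees partially accumulated data when fetch() returns an error, which the visible code does not settle. The same wording is used for `fetcher_manager_t.fetch` in fetcher_manager.h and needs the same addition.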
@@ -89,35 +86,33 @@ static status_t fetch(private_fetcher_manager_t *this, { continue; } - va_start(args, response); + va_start(args, userdata); while (good) { -<<<<<<< HEAD - opt = va_arg(args, fetcher_option_t); -======= opt = va_arg(args, int); ->>>>>>> upstream/4.5.1 switch (opt) { case FETCH_REQUEST_DATA: - good = fetcher->set_option(fetcher, opt, va_arg(args, chunk_t)); + good = fetcher->set_option(fetcher, opt, + va_arg(args, chunk_t)); continue; case FETCH_REQUEST_TYPE: case FETCH_REQUEST_HEADER: - good = fetcher->set_option(fetcher, opt, va_arg(args, char*)); + good = fetcher->set_option(fetcher, opt, + va_arg(args, char*)); continue; case FETCH_HTTP_VERSION_1_0: good = fetcher->set_option(fetcher, opt); continue; case FETCH_TIMEOUT: - good = fetcher->set_option(fetcher, opt, va_arg(args, u_int)); + good = fetcher->set_option(fetcher, opt, + va_arg(args, u_int)); continue; + case FETCH_CALLBACK: + good = fetcher->set_option(fetcher, opt, + va_arg(args, fetcher_callback_t)); case FETCH_END: -<<<<<<< HEAD - break;; -======= break; ->>>>>>> upstream/4.5.1 } break; } @@ -128,7 +123,7 @@ static status_t fetch(private_fetcher_manager_t *this, continue; } - status = fetcher->fetch(fetcher, url, response); + status = fetcher->fetch(fetcher, url, userdata); fetcher->destroy(fetcher); /* try another fetcher only if this one does not support that URL */ if (status == NOT_SUPPORTED) 
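Review bot: The new `case FETCH_CALLBACK:` has no `continue;`, unlike every other option case in this switch, so it falls through to `case FETCH_END:` and the `break` after the switch ends option parsing. Any option a caller lists after FETCH_CALLBACK, a FETCH_TIMEOUT for instance, is silently dropped and the fetch proceeds without it. Add `continue;` directly after the `set_option(fetcher, opt, va_arg(args, fetcher_callback_t));` call. The enclosing fetch() starts and ends outside this hunk.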
@@ -147,27 +142,22 @@ static status_t fetch(private_fetcher_manager_t *this, return status; } -/** - * Implementation of fetcher_manager_t.add_fetcher. - */ -static void add_fetcher(private_fetcher_manager_t *this, - fetcher_constructor_t create, char *url) +METHOD(fetcher_manager_t, add_fetcher, void, + private_fetcher_manager_t *this, fetcher_constructor_t create, char *url) { - entry_t *entry = malloc_thing(entry_t); - - entry->url = strdup(url); - entry->create = create; + entry_t *entry; + INIT(entry, + .url = strdup(url), + .create = create, + ); this->lock->write_lock(this->lock); this->fetchers->insert_last(this->fetchers, entry); this->lock->unlock(this->lock); } -/** - * Implementation of fetcher_manager_t.remove_fetcher. - */ -static void remove_fetcher(private_fetcher_manager_t *this, - fetcher_constructor_t create) +METHOD(fetcher_manager_t, remove_fetcher, void, + private_fetcher_manager_t *this, fetcher_constructor_t create) { enumerator_t *enumerator; entry_t *entry; @@ -186,10 +176,8 @@ static void remove_fetcher(private_fetcher_manager_t *this, this->lock->unlock(this->lock); } -/** - * Implementation of fetcher_manager_t.destroy - */ -static void destroy(private_fetcher_manager_t *this) +METHOD(fetcher_manager_t, destroy, void, + private_fetcher_manager_t *this) { this->fetchers->destroy_function(this->fetchers, (void*)entry_destroy); this->lock->destroy(this->lock); 
@@ -201,15 +189,18 @@ static void destroy(private_fetcher_manager_t *this) */ fetcher_manager_t *fetcher_manager_create() { - private_fetcher_manager_t *this = malloc_thing(private_fetcher_manager_t); - - this->public.fetch = (status_t(*)(fetcher_manager_t*, char *url, chunk_t *response, ...))fetch; - this->public.add_fetcher = (void(*)(fetcher_manager_t*, fetcher_constructor_t,char*))add_fetcher; - this->public.remove_fetcher = (void(*)(fetcher_manager_t*, fetcher_constructor_t))remove_fetcher; - this->public.destroy = (void(*)(fetcher_manager_t*))destroy; - - this->fetchers = linked_list_create(); - this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); + private_fetcher_manager_t *this; + + INIT(this, + .public = { + .fetch = _fetch, + .add_fetcher = _add_fetcher, + .remove_fetcher = _remove_fetcher, + .destroy = _destroy, + }, + .fetchers = linked_list_create(), + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + ); return &this->public; } diff --git a/src/libstrongswan/fetcher/fetcher_manager.h b/src/libstrongswan/fetcher/fetcher_manager.h index a7ac6611e..15250d531 100644 --- a/src/libstrongswan/fetcher/fetcher_manager.h +++ b/src/libstrongswan/fetcher/fetcher_manager.h 
@@ -31,17 +31,20 @@ typedef struct fetcher_manager_t fetcher_manager_t; struct fetcher_manager_t { /** - * Fetch data from URI into chunk. + * Fetch data from URI. * * The variable argument list contains fetcher_option_t's, followed * by a option specific data argument. + * If no FETCH_CALLBACK function is given as option, userdata must be + * a chunk_t*. This chunk gets allocated, accumulated data using the + * fetcher_default_callback() function. * * @param uri URI to fetch from - * @param result chunk which receives allocated data + * @param userdata userdata to pass to callback function. * @param options FETCH_END terminated fetcher_option_t arguments * @return status indicating result of fetch */ - status_t (*fetch)(fetcher_manager_t *this, char *url, chunk_t *response, ...); + status_t (*fetch)(fetcher_manager_t *this, char *url, void *userdata, ...); /** * Register a fetcher implementation. diff --git a/src/libstrongswan/integrity_checker.c b/src/libstrongswan/integrity_checker.c index 7060f9ea0..e962aba70 100644 --- a/src/libstrongswan/integrity_checker.c +++ b/src/libstrongswan/integrity_checker.c @@ -57,16 +57,8 @@ struct private_integrity_checker_t { int checksum_count; }; -<<<<<<< HEAD -/** - * Implementation of integrity_checker_t.build_file - */ -static u_int32_t build_file(private_integrity_checker_t *this, char *file, - size_t *len) -======= METHOD(integrity_checker_t, build_file, u_int32_t, private_integrity_checker_t *this, char *file, size_t *len) ->>>>>>> upstream/4.5.1 { u_int32_t checksum; chunk_t contents; 
@@ -141,16 +133,8 @@ static int callback(struct dl_phdr_info *dlpi, size_t size, Dl_info *dli) return 0; } -<<<<<<< HEAD -/** - * Implementation of integrity_checker_t.build_segment - */ -static u_int32_t build_segment(private_integrity_checker_t *this, void *sym, - size_t *len) -======= METHOD(integrity_checker_t, build_segment, u_int32_t, private_integrity_checker_t *this, void *sym, size_t *len) ->>>>>>> upstream/4.5.1 { chunk_t segment; Dl_info dli; @@ -190,16 +174,8 @@ static integrity_checksum_t *find_checksum(private_integrity_checker_t *this, return NULL; } -<<<<<<< HEAD -/** - * Implementation of integrity_checker_t.check_file - */ -static bool check_file(private_integrity_checker_t *this, - char *name, char *file) -======= METHOD(integrity_checker_t, check_file, bool, private_integrity_checker_t *this, char *name, char *file) ->>>>>>> upstream/4.5.1 { integrity_checksum_t *cs; u_int32_t sum; @@ -232,16 +208,8 @@ METHOD(integrity_checker_t, check_file, bool, return TRUE; } -<<<<<<< HEAD -/** - * Implementation of integrity_checker_t.check_segment - */ -static bool check_segment(private_integrity_checker_t *this, - char *name, void *sym) -======= METHOD(integrity_checker_t, check_segment, bool, private_integrity_checker_t *this, char *name, void *sym) ->>>>>>> upstream/4.5.1 { integrity_checksum_t *cs; u_int32_t sum; @@ -274,15 +242,8 @@ METHOD(integrity_checker_t, check_segment, bool, return TRUE; } -<<<<<<< HEAD -/** - * Implementation of integrity_checker_t.check - */ -static bool check(private_integrity_checker_t *this, char *name, void *sym) -======= METHOD(integrity_checker_t, check, bool, private_integrity_checker_t *this, char *name, void *sym) ->>>>>>> upstream/4.5.1 { Dl_info dli; 
@@ -302,15 +263,8 @@ METHOD(integrity_checker_t, check, bool, return TRUE; } -<<<<<<< HEAD -/** - * Implementation of integrity_checker_t.destroy. - */ -static void destroy(private_integrity_checker_t *this) -======= METHOD(integrity_checker_t, destroy, void, private_integrity_checker_t *this) ->>>>>>> upstream/4.5.1 { if (this->handle) { @@ -324,19 +278,6 @@ METHOD(integrity_checker_t, destroy, void, */ integrity_checker_t *integrity_checker_create(char *checksum_library) { -<<<<<<< HEAD - private_integrity_checker_t *this = malloc_thing(private_integrity_checker_t); - - this->public.check_file = (bool(*)(integrity_checker_t*, char *name, char *file))check_file; - this->public.build_file = (u_int32_t(*)(integrity_checker_t*, char *file, size_t *len))build_file; - this->public.check_segment = (bool(*)(integrity_checker_t*, char *name, void *sym))check_segment; - this->public.build_segment = (u_int32_t(*)(integrity_checker_t*, void *sym, size_t *len))build_segment; - this->public.check = (bool(*)(integrity_checker_t*, char *name, void *sym))check; - this->public.destroy = (void(*)(integrity_checker_t*))destroy; - - this->checksum_count = 0; - this->handle = NULL; -======= private_integrity_checker_t *this; INIT(this, @@ -350,7 +291,6 @@ integrity_checker_t *integrity_checker_create(char *checksum_library) }, ); ->>>>>>> upstream/4.5.1 if (checksum_library) { this->handle = dlopen(checksum_library, RTLD_LAZY); diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index 6e4aeb9d6..c93f84ca7 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in 
@@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c index f13e33492..2a1fed944 100644 --- a/src/libstrongswan/plugins/aes/aes_crypter.c +++ b/src/libstrongswan/plugins/aes/aes_crypter.c @@ -1518,6 +1518,7 @@ METHOD(crypter_t, set_key, void, METHOD(crypter_t, destroy, void, private_aes_crypter_t *this) { + memwipe(this, sizeof(*this)); free(this); } diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c index b859d3167..d17355d1d 100644 --- a/src/libstrongswan/plugins/aes/aes_plugin.c +++ b/src/libstrongswan/plugins/aes/aes_plugin.c @@ -18,11 +18,6 @@ #include <library.h> #include "aes_crypter.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "aes"; - ->>>>>>> upstream/4.5.1 typedef struct private_aes_plugin_t private_aes_plugin_t; /** 
@@ -36,6 +31,12 @@ struct private_aes_plugin_t { aes_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_aes_plugin_t *this) +{ + return "aes"; +} + METHOD(plugin_t, destroy, void, private_aes_plugin_t *this) { @@ -54,16 +55,14 @@ plugin_t *aes_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); -<<<<<<< HEAD - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, -======= - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, get_name(this), (crypter_constructor_t)aes_crypter_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in index aa8df979e..00b54b026 100644 --- a/src/libstrongswan/plugins/af_alg/Makefile.in +++ b/src/libstrongswan/plugins/af_alg/Makefile.in @@ -244,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,6 +269,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/af_alg/af_alg_crypter.c b/src/libstrongswan/plugins/af_alg/af_alg_crypter.c index 3416ad8d2..7b3c062aa 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_crypter.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_crypter.c 
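Review bot: `.reload = (void*)return_false` in the `aes_plugin_create()` hunk routes a function pointer through `void *`, a conversion ISO C does not define, and it switches off the compiler's check that the helper matches the `reload` member's signature. Neither declaration is visible here; if the types are compatible the cast can simply go, `.reload = return_false,`, and otherwise a small typed METHOD returning FALSE is clearer. The same initializer is added in the af_alg and agent plugin hunks, and in the blowfish plugin hunk. Separately, `get_name` returns a string literal through a non-const `char*`, so the interface comment should say the result must not be modified or freed.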
@@ -63,6 +63,7 @@ static struct { size_t iv_size; } algs[] = { {ENCR_DES, "cbc(des)", 8, 8, 8, 8, }, + {ENCR_DES_ECB, "ecb(des)", 8, 8, 8, 0, }, {ENCR_3DES, "cbc(des3_ede)", 8, 24, 24, 8, }, {ENCR_AES_CBC, "cbc(aes)", 16, 16, 16, 16, }, {ENCR_AES_CBC, "cbc(aes)", 16, 24, 24, 16, }, @@ -91,7 +92,7 @@ static struct { /** * See header. */ -void af_alg_crypter_probe() +void af_alg_crypter_probe(char *plugin) { encryption_algorithm_t prev = -1; af_alg_ops_t *ops; @@ -105,7 +106,7 @@ void af_alg_crypter_probe() if (ops) { ops->destroy(ops); - lib->crypto->add_crypter(lib->crypto, algs[i].id, af_alg_plugin_name, + lib->crypto->add_crypter(lib->crypto, algs[i].id, plugin, (crypter_constructor_t)af_alg_crypter_create); } } diff --git a/src/libstrongswan/plugins/af_alg/af_alg_crypter.h b/src/libstrongswan/plugins/af_alg/af_alg_crypter.h index 711d2fc35..ed7799cc8 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_crypter.h +++ b/src/libstrongswan/plugins/af_alg/af_alg_crypter.h @@ -48,7 +48,9 @@ af_alg_crypter_t *af_alg_crypter_create(encryption_algorithm_t algo, /** * Probe algorithms and register af_alg_crypter_create(). + * + * @param plugin plugin name to register algorithms for */ -void af_alg_crypter_probe(); +void af_alg_crypter_probe(char *plugin); #endif /** AF_ALG_CRYPTER_H_ @}*/ diff --git a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c index 7c6297d44..11074c4bd 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c @@ -59,7 +59,7 @@ static struct { /** * See header. */ -void af_alg_hasher_probe() +void af_alg_hasher_probe(char *plugin) { af_alg_ops_t *ops; int i; @@ -70,7 +70,7 @@ void af_alg_hasher_probe() if (ops) { ops->destroy(ops); - lib->crypto->add_hasher(lib->crypto, algs[i].id, af_alg_plugin_name, + lib->crypto->add_hasher(lib->crypto, algs[i].id, plugin, (hasher_constructor_t)af_alg_hasher_create); } } 
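Review bot: The added `{ENCR_DES_ECB, "ecb(des)", ...}` row makes single DES in ECB mode available to any caller of the crypto factory, and nothing in the table says which consumer needs it. ECB leaks block equality and 56-bit DES is not a confidentiality primitive, so the row should carry a comment limiting its intended use, for example `/* single-block legacy primitive, not for bulk encryption */`. Which code requests it is not visible in this diff, so the wording should be checked against the actual user.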
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_hasher.h b/src/libstrongswan/plugins/af_alg/af_alg_hasher.h index e0833e23a..f44ba2938 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_hasher.h +++ b/src/libstrongswan/plugins/af_alg/af_alg_hasher.h @@ -46,7 +46,9 @@ af_alg_hasher_t *af_alg_hasher_create(hash_algorithm_t algo); /** * Probe algorithms and register af_alg_hasher_create(). + * + * @param plugin plugin name to register algorithms for */ -void af_alg_hasher_probe(); +void af_alg_hasher_probe(char *plugin); #endif /** af_alg_HASHER_H_ @}*/ diff --git a/src/libstrongswan/plugins/af_alg/af_alg_ops.c b/src/libstrongswan/plugins/af_alg/af_alg_ops.c index 7bf1d90db..82a227d97 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_ops.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_ops.c @@ -21,8 +21,6 @@ #include <debug.h> -const char *af_alg_plugin_name = "af-alg"; - typedef struct private_af_alg_ops_t private_af_alg_ops_t; /** diff --git a/src/libstrongswan/plugins/af_alg/af_alg_ops.h b/src/libstrongswan/plugins/af_alg/af_alg_ops.h index b7d642c00..ad164029f 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_ops.h +++ b/src/libstrongswan/plugins/af_alg/af_alg_ops.h @@ -33,8 +33,6 @@ #define SOL_ALG 279 #endif /* SOL_ALG */ -extern const char *af_alg_plugin_name; - typedef struct af_alg_ops_t af_alg_ops_t; /** diff --git a/src/libstrongswan/plugins/af_alg/af_alg_plugin.c b/src/libstrongswan/plugins/af_alg/af_alg_plugin.c index 54e39f1a0..280ea4e98 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_plugin.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_plugin.c @@ -35,6 +35,12 @@ struct private_af_alg_plugin_t { af_alg_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_af_alg_plugin_t *this) +{ + return "af-alg"; +} + METHOD(plugin_t, destroy, void, private_af_alg_plugin_t *this) { 
@@ -60,15 +66,17 @@ plugin_t *af_alg_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); - af_alg_hasher_probe(); - af_alg_signer_probe(); - af_alg_prf_probe(); - af_alg_crypter_probe(); + af_alg_hasher_probe(get_name(this)); + af_alg_signer_probe(get_name(this)); + af_alg_prf_probe(get_name(this)); + af_alg_crypter_probe(get_name(this)); return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/af_alg/af_alg_prf.c b/src/libstrongswan/plugins/af_alg/af_alg_prf.c index 575906bae..1c1174abb 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_prf.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_prf.c @@ -70,7 +70,7 @@ static struct { /** * See header. */ -void af_alg_prf_probe() +void af_alg_prf_probe(char *plugin) { af_alg_ops_t *ops; int i; @@ -81,7 +81,7 @@ void af_alg_prf_probe() if (ops) { ops->destroy(ops); - lib->crypto->add_prf(lib->crypto, algs[i].id, af_alg_plugin_name, + lib->crypto->add_prf(lib->crypto, algs[i].id, plugin, (prf_constructor_t)af_alg_prf_create); } } diff --git a/src/libstrongswan/plugins/af_alg/af_alg_prf.h b/src/libstrongswan/plugins/af_alg/af_alg_prf.h index a3dea5649..d3275e7be 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_prf.h +++ b/src/libstrongswan/plugins/af_alg/af_alg_prf.h @@ -46,7 +46,9 @@ af_alg_prf_t *af_alg_prf_create(pseudo_random_function_t algo); /** * Probe algorithms and register af_alg_prf_create(). + * + * @param plugin plugin name to register algorithms for */ -void af_alg_prf_probe(); +void af_alg_prf_probe(char *plugin); #endif /** AF_ALG_PRF_H_ @}*/ diff --git a/src/libstrongswan/plugins/af_alg/af_alg_signer.c b/src/libstrongswan/plugins/af_alg/af_alg_signer.c index 3d6f907bf..34534a06b 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_signer.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_signer.c 
@@ -71,7 +71,7 @@ static struct { /** * See header. */ -void af_alg_signer_probe() +void af_alg_signer_probe(char *plugin) { af_alg_ops_t *ops; int i; @@ -82,7 +82,7 @@ void af_alg_signer_probe() if (ops) { ops->destroy(ops); - lib->crypto->add_signer(lib->crypto, algs[i].id, af_alg_plugin_name, + lib->crypto->add_signer(lib->crypto, algs[i].id, plugin, (signer_constructor_t)af_alg_signer_create); } } diff --git a/src/libstrongswan/plugins/af_alg/af_alg_signer.h b/src/libstrongswan/plugins/af_alg/af_alg_signer.h index b1d90707f..21487a118 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_signer.h +++ b/src/libstrongswan/plugins/af_alg/af_alg_signer.h @@ -46,7 +46,9 @@ af_alg_signer_t *af_alg_signer_create(integrity_algorithm_t algo); /** * Probe algorithms and register af_alg_signer_create(). + * + * @param plugin plugin name to register algorithms for */ -void af_alg_signer_probe(); +void af_alg_signer_probe(char *plugin); #endif /** AF_ALG_SIGNER_H_ @}*/ diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index fa255ad23..ce333660d 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -221,13 +221,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -248,6 +242,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -266,14 +262,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c index bd3c1ac75..79c13b7c1 100644 --- a/src/libstrongswan/plugins/agent/agent_plugin.c +++ b/src/libstrongswan/plugins/agent/agent_plugin.c @@ -31,6 +31,12 @@ struct private_agent_plugin_t { agent_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_agent_plugin_t *this) +{ + return "agent"; +} + METHOD(plugin_t, destroy, void, private_agent_plugin_t *this) { @@ -49,6 +55,8 @@ plugin_t *agent_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index 14f25d015..be8ba72ee 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c index 784c07eaf..fc3649b36 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c @@ -160,6 +160,7 @@ METHOD(crypter_t, set_key, void, METHOD(crypter_t, destroy, void, private_blowfish_crypter_t *this) { + memwipe(this, sizeof(*this)); free(this); } diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c index 03f46a63a..9dc8dfe7f 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c @@ -19,11 +19,6 @@ #include <library.h> #include "blowfish_crypter.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "blowfish"; - ->>>>>>> upstream/4.5.1 typedef struct private_blowfish_plugin_t private_blowfish_plugin_t; /** @@ -37,6 +32,12 @@ struct private_blowfish_plugin_t { blowfish_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_blowfish_plugin_t *this) +{ + return "blowfish"; +} + METHOD(plugin_t, destroy, void, private_blowfish_plugin_t *this) { 
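Review bot: `memwipe(this, sizeof(*this))` in `destroy` clears only the bytes of the object itself, so it protects the key only if the expanded key schedule is stored inline in `private_blowfish_crypter_t`. The struct definition is outside this hunk, so that should be confirmed; anything reached through a pointer member would need its own wipe. A one-line comment would record the intent and the ordering, e.g. `/* wipe the key schedule before the memory goes back to the allocator */`. The same applies to the identical line added to `destroy` in des_crypter.c.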
@@ -55,16 +56,14 @@ plugin_t *blowfish_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); -<<<<<<< HEAD - lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, -======= - lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, get_name(this), (crypter_constructor_t)blowfish_crypter_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in index 504d1938a..b2bc4a51f 100644 --- a/src/libstrongswan/plugins/ccm/Makefile.in +++ b/src/libstrongswan/plugins/ccm/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/ccm/ccm_plugin.c b/src/libstrongswan/plugins/ccm/ccm_plugin.c index 15c548e64..2865c2ae4 100644 --- a/src/libstrongswan/plugins/ccm/ccm_plugin.c 
+++ b/src/libstrongswan/plugins/ccm/ccm_plugin.c @@ -19,11 +19,6 @@ #include "ccm_aead.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "ccm"; - ->>>>>>> upstream/4.5.1 typedef struct private_ccm_plugin_t private_ccm_plugin_t; /** @@ -37,6 +32,12 @@ struct private_ccm_plugin_t { ccm_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_ccm_plugin_t *this) +{ + return "ccm"; +} + METHOD(plugin_t, destroy, void, private_ccm_plugin_t *this) { 
@@ -52,52 +53,40 @@ METHOD(plugin_t, destroy, void, plugin_t *ccm_plugin_create() { private_ccm_plugin_t *this; -<<<<<<< HEAD -======= crypter_t *crypter; ->>>>>>> upstream/4.5.1 INIT(this, - .public.plugin.destroy = _destroy, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, ); -<<<<<<< HEAD - lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV8, - (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV12, - (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV16, - (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV8, - (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV12, - (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV16, - (aead_constructor_t)ccm_aead_create); -======= crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 0); if (crypter) { crypter->destroy(crypter); - lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV8, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV8, get_name(this), (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV12, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV12, get_name(this), (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV16, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV16, get_name(this), (aead_constructor_t)ccm_aead_create); } crypter = lib->crypto->create_crypter(lib->crypto, ENCR_CAMELLIA_CBC, 0); if (crypter) { crypter->destroy(crypter); - lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV8, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV8, get_name(this), (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV12, 
plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV12, get_name(this), (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV16, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV16, get_name(this), (aead_constructor_t)ccm_aead_create); } ->>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in index 382bfef98..8be502a9c 100644 --- a/src/libstrongswan/plugins/constraints/Makefile.in +++ b/src/libstrongswan/plugins/constraints/Makefile.in @@ -244,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,6 +269,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/constraints/constraints_plugin.c b/src/libstrongswan/plugins/constraints/constraints_plugin.c index 1c3f0c835..502c83559 100644 --- a/src/libstrongswan/plugins/constraints/constraints_plugin.c +++ b/src/libstrongswan/plugins/constraints/constraints_plugin.c @@ -36,6 +36,12 @@ struct private_constraints_plugin_t { constraints_validator_t *validator; }; +METHOD(plugin_t, get_name, char*, + private_constraints_plugin_t *this) +{ + return "constraints"; +} + METHOD(plugin_t, destroy, void, private_constraints_plugin_t *this) { @@ -54,6 +60,8 @@ plugin_t *constraints_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, 
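Review bot: `ccm_plugin_create()` registers the CCM AEADs only if `create_crypter()` for `ENCR_AES_CBC` or `ENCR_CAMELLIA_CBC` succeeds at the moment this plugin is constructed, and a failed probe skips the algorithms without any message. If the plugin that provides the block cipher is loaded later (load order is not visible here), CCM would be silently missing and a peer would negotiate whatever else is configured. I would log the skip in an `else` branch, for example `DBG1(DBG_LIB, "ccm: no AES-CBC crypter available, AES-CCM not registered");`, and state the load-order requirement in a comment above the probe. The same probe-and-skip pattern appears in ctr_plugin.c, gcm_plugin.c and fips_prf_plugin.c.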
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in index ecee15d56..0db640829 100644 --- a/src/libstrongswan/plugins/ctr/Makefile.in +++ b/src/libstrongswan/plugins/ctr/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/ctr/ctr_plugin.c b/src/libstrongswan/plugins/ctr/ctr_plugin.c index dc6cba562..6850cacf0 100644 --- a/src/libstrongswan/plugins/ctr/ctr_plugin.c +++ b/src/libstrongswan/plugins/ctr/ctr_plugin.c @@ -19,11 +19,6 @@ #include "ctr_ipsec_crypter.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "ctr"; - ->>>>>>> upstream/4.5.1 typedef struct private_ctr_plugin_t private_ctr_plugin_t; /** @@ -37,6 +32,12 @@ struct private_ctr_plugin_t { ctr_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_ctr_plugin_t *this) +{ + return "ctr"; +} + METHOD(plugin_t, destroy, void, private_ctr_plugin_t *this) { 
@@ -52,40 +53,31 @@ METHOD(plugin_t, destroy, void, plugin_t *ctr_plugin_create() { private_ctr_plugin_t *this; -<<<<<<< HEAD -======= crypter_t *crypter; ->>>>>>> upstream/4.5.1 INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); -<<<<<<< HEAD - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, - (crypter_constructor_t)ctr_ipsec_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, - (crypter_constructor_t)ctr_ipsec_crypter_create); - -======= crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16); if (crypter) { crypter->destroy(crypter); - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, get_name(this), (crypter_constructor_t)ctr_ipsec_crypter_create); } crypter = lib->crypto->create_crypter(lib->crypto, ENCR_CAMELLIA_CBC, 16); if (crypter) { crypter->destroy(crypter); - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, get_name(this), (crypter_constructor_t)ctr_ipsec_crypter_create); } ->>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index f2192399c..cdfb2b801 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c index e58188098..7f8c0aec2 100644 --- a/src/libstrongswan/plugins/curl/curl_fetcher.c +++ b/src/libstrongswan/plugins/curl/curl_fetcher.c 
@@ -43,31 +43,49 @@ struct private_curl_fetcher_t { * Optional HTTP headers */ struct curl_slist *headers; + + /** + * Callback function + */ + fetcher_callback_t cb; }; /** - * writes data into a dynamically resizeable chunk_t + * Data to pass to curl callback + */ +typedef struct { + fetcher_callback_t cb; + void *user; +} cb_data_t; + +/** + * Curl callback function, invokes fetcher_callback_t function */ -static size_t append(void *ptr, size_t size, size_t nmemb, chunk_t *data) +static size_t curl_cb(void *ptr, size_t size, size_t nmemb, cb_data_t *data) { size_t realsize = size * nmemb; - data->ptr = (u_char*)realloc(data->ptr, data->len + realsize); - if (data->ptr) + if (data->cb(data->user, chunk_create(ptr, realsize))) { - memcpy(&data->ptr[data->len], ptr, realsize); - data->len += realsize; + return realsize; } - return realsize; + return 0; } METHOD(fetcher_t, fetch, status_t, - private_curl_fetcher_t *this, char *uri, chunk_t *result) + private_curl_fetcher_t *this, char *uri, void *userdata) { char error[CURL_ERROR_SIZE]; status_t status; + cb_data_t data = { + .cb = this->cb, + .user = userdata, + }; - *result = chunk_empty; + if (this->cb == fetcher_default_callback) + { + *(chunk_t*)userdata = chunk_empty; + } if (curl_easy_setopt(this->curl, CURLOPT_URL, uri) != CURLE_OK) { /* URL type not supported by curl */ @@ -77,8 +95,8 @@ METHOD(fetcher_t, fetch, status_t, curl_easy_setopt(this->curl, CURLOPT_FAILONERROR, TRUE); curl_easy_setopt(this->curl, CURLOPT_NOSIGNAL, TRUE); curl_easy_setopt(this->curl, CURLOPT_CONNECTTIMEOUT, DEFAULT_TIMEOUT); - curl_easy_setopt(this->curl, CURLOPT_WRITEFUNCTION, (void*)append); - curl_easy_setopt(this->curl, CURLOPT_WRITEDATA, (void*)result); + curl_easy_setopt(this->curl, CURLOPT_WRITEFUNCTION, (void*)curl_cb); + curl_easy_setopt(this->curl, CURLOPT_WRITEDATA, &data); if (this->headers) { curl_easy_setopt(this->curl, CURLOPT_HTTPHEADER, this->headers); 
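Review bot: In `fetch`, `CURLOPT_WRITEDATA` is set to `&data`, a `cb_data_t` on the stack, while `this->curl` is created in `curl_fetcher_create()` and outlives the call, so the handle keeps a pointer into a dead frame once `fetch` returns. That is harmless only as long as every transfer on this handle goes through `fetch`, which sets the option again first; a comment next to the declaration, such as `/* valid for this call only; WRITEDATA is set again on every fetch */`, would make that invariant explicit. Separately, `*(chunk_t*)userdata = chunk_empty` means `userdata` must point to a `chunk_t` whenever the default callback is installed, and that contract deserves a line in the comment above `curl_cb` or on `fetch`. The body of `fetch` continues outside the hunk.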
@@ -104,10 +122,7 @@ METHOD(fetcher_t, fetch, status_t, METHOD(fetcher_t, set_option, bool, private_curl_fetcher_t *this, fetcher_option_t option, ...) { -<<<<<<< HEAD -======= bool supported = TRUE; ->>>>>>> upstream/4.5.1 va_list args; va_start(args, option); @@ -119,11 +134,7 @@ METHOD(fetcher_t, set_option, bool, curl_easy_setopt(this->curl, CURLOPT_POSTFIELDS, (char*)data.ptr); curl_easy_setopt(this->curl, CURLOPT_POSTFIELDSIZE, data.len); -<<<<<<< HEAD - return TRUE; -======= break; ->>>>>>> upstream/4.5.1 } case FETCH_REQUEST_TYPE: { @@ -132,44 +143,30 @@ METHOD(fetcher_t, set_option, bool, snprintf(header, BUF_LEN, "Content-Type: %s", request_type); this->headers = curl_slist_append(this->headers, header); -<<<<<<< HEAD - return TRUE; -======= break; ->>>>>>> upstream/4.5.1 } case FETCH_REQUEST_HEADER: { char *header = va_arg(args, char*); this->headers = curl_slist_append(this->headers, header); -<<<<<<< HEAD - return TRUE; -======= break; ->>>>>>> upstream/4.5.1 } case FETCH_HTTP_VERSION_1_0: { curl_easy_setopt(this->curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); -<<<<<<< HEAD - return TRUE; -======= break; ->>>>>>> upstream/4.5.1 } case FETCH_TIMEOUT: { curl_easy_setopt(this->curl, CURLOPT_CONNECTTIMEOUT, va_arg(args, u_int)); -<<<<<<< HEAD - return TRUE; + break; } - default: - return FALSE; - } -======= + case FETCH_CALLBACK: + { + this->cb = va_arg(args, fetcher_callback_t); break; } default: @@ -178,7 +175,6 @@ METHOD(fetcher_t, set_option, bool, } va_end(args); return supported; ->>>>>>> upstream/4.5.1 } METHOD(fetcher_t, destroy, void, @@ -205,6 +201,7 @@ curl_fetcher_t *curl_fetcher_create() }, }, .curl = curl_easy_init(), + .cb = fetcher_default_callback, ); if (!this->curl) diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c index 41026f407..d0e532055 100644 --- a/src/libstrongswan/plugins/curl/curl_plugin.c +++ b/src/libstrongswan/plugins/curl/curl_plugin.c 
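Review bot: The new `FETCH_CALLBACK` case in `set_option` stores `va_arg(args, fetcher_callback_t)` in `this->cb` without checking it, and `curl_cb` calls `data->cb(...)` unconditionally, so a NULL callback would only surface as a crash in the middle of a transfer. Rejecting it where it is configured is cheap: `fetcher_callback_t cb = va_arg(args, fetcher_callback_t);` followed by `if (cb) { this->cb = cb; } else { supported = FALSE; }`. The `switch` begins outside this hunk.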
@@ -34,15 +34,14 @@ struct private_curl_plugin_t { curl_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of curl_plugin_t.curltroy - */ -static void destroy(private_curl_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_curl_plugin_t *this) +{ + return "curl"; +} + METHOD(plugin_t, destroy, void, private_curl_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->fetcher->remove_fetcher(lib->fetcher, (fetcher_constructor_t)curl_fetcher_create); @@ -56,21 +55,17 @@ METHOD(plugin_t, destroy, void, plugin_t *curl_plugin_create() { CURLcode res; -<<<<<<< HEAD - private_curl_plugin_t *this = malloc_thing(private_curl_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= private_curl_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 res = curl_global_init(CURL_GLOBAL_NOTHING); if (res == CURLE_OK) diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index 9f49f45f4..d24ac40f8 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c index 7d9fbe852..695e7e4c4 100644 --- a/src/libstrongswan/plugins/des/des_crypter.c +++ b/src/libstrongswan/plugins/des/des_crypter.c @@ -1552,6 +1552,7 @@ METHOD(crypter_t, set_key3, void, METHOD(crypter_t, destroy, void, private_des_crypter_t *this) { + memwipe(this, sizeof(*this)); free(this); } diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c index 14c5420ea..78b73347d 100644 --- a/src/libstrongswan/plugins/des/des_plugin.c +++ b/src/libstrongswan/plugins/des/des_plugin.c @@ -18,11 +18,6 @@ #include <library.h> #include "des_crypter.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "des"; - ->>>>>>> upstream/4.5.1 typedef struct private_des_plugin_t private_des_plugin_t; /** @@ -36,6 +31,12 @@ struct private_des_plugin_t { des_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_des_plugin_t *this) +{ + return "des"; +} + METHOD(plugin_t, destroy, void, private_des_plugin_t *this) { 
@@ -54,24 +55,18 @@ plugin_t *des_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); -<<<<<<< HEAD - lib->crypto->add_crypter(lib->crypto, ENCR_3DES, - (crypter_constructor_t)des_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES, - (crypter_constructor_t)des_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, -======= - lib->crypto->add_crypter(lib->crypto, ENCR_3DES, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_3DES, get_name(this), (crypter_constructor_t)des_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_DES, get_name(this), (crypter_constructor_t)des_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, get_name(this), (crypter_constructor_t)des_crypter_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in index 262d64565..62c52498c 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.in +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -222,13 +222,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -249,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -267,14 +263,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c index 75743ae2e..4e08746f8 100644 --- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c +++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c @@ -31,15 +31,14 @@ struct private_dnskey_plugin_t { dnskey_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of dnskey_plugin_t.dnskeytroy - */ -static void destroy(private_dnskey_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_dnskey_plugin_t *this) +{ + return "dnskey"; +} + METHOD(plugin_t, destroy, void, private_dnskey_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)dnskey_public_key_load); @@ -51,22 +50,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *dnskey_plugin_create() { -<<<<<<< HEAD - private_dnskey_plugin_t *this = malloc_thing(private_dnskey_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - -======= private_dnskey_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)dnskey_public_key_load); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE, diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index 6bd31f0e1..e88a102b8 100644 
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -222,13 +222,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -249,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,14 +263,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c index 27a3b9cc6..ee71f6efd 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c @@ -106,12 +106,8 @@ static void chunk_mod(size_t length, chunk_t chunk, u_int8_t buffer[]) * 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78, * 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16 */ -<<<<<<< HEAD -static void get_bytes(private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) -======= METHOD(prf_t, get_bytes, void, private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) ->>>>>>> upstream/4.5.1 { int i; u_int8_t xval[this->b]; 
@@ -144,19 +140,6 @@ METHOD(prf_t, get_bytes, void, /* 3.3 done already, mod q not used */ } -<<<<<<< HEAD -/** - * Implementation of prf_t.get_block_size. - */ -static size_t get_block_size(private_fips_prf_t *this) -{ - return 2 * this->b; -} -/** - * Implementation of prf_t.allocate_bytes. - */ -static void allocate_bytes(private_fips_prf_t *this, chunk_t seed, chunk_t *chunk) -======= METHOD(prf_t, get_block_size, size_t, private_fips_prf_t *this) { @@ -164,34 +147,19 @@ METHOD(prf_t, get_block_size, size_t, } METHOD(prf_t, allocate_bytes, void, private_fips_prf_t *this, chunk_t seed, chunk_t *chunk) ->>>>>>> upstream/4.5.1 { *chunk = chunk_alloc(get_block_size(this)); get_bytes(this, seed, chunk->ptr); } -<<<<<<< HEAD -/** - * Implementation of prf_t.get_key_size. - */ -static size_t get_key_size(private_fips_prf_t *this) -======= METHOD(prf_t, get_key_size, size_t, private_fips_prf_t *this) ->>>>>>> upstream/4.5.1 { return this->b; } -<<<<<<< HEAD -/** - * Implementation of prf_t.set_key. - */ -static void set_key(private_fips_prf_t *this, chunk_t key) -======= METHOD(prf_t, set_key, void, private_fips_prf_t *this, chunk_t key) ->>>>>>> upstream/4.5.1 { /* save key as "key mod 2^b" */ chunk_mod(this->b, key, this->key); @@ -223,15 +191,8 @@ void g_sha1(private_fips_prf_t *this, chunk_t c, u_int8_t res[]) this->keyed_prf->get_bytes(this->keyed_prf, c, res); } -<<<<<<< HEAD -/** - * Implementation of prf_t.destroy. - */ -static void destroy(private_fips_prf_t *this) -======= METHOD(prf_t, destroy, void, private_fips_prf_t *this) ->>>>>>> upstream/4.5.1 { this->keyed_prf->destroy(this->keyed_prf); free(this->key); 
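Review bot: `destroy` releases the PRF key with a plain `free(this->key)`, although this commit adds `memwipe()` to the Blowfish and DES crypter destructors to clear key material before the memory is released. `set_key` writes `key mod 2^b` into that buffer with length `this->b`, so `memwipe(this->key, this->b);` before the `free` would treat this key the same way (assuming the buffer is allocated with `b` bytes; the allocation is not in this hunk). The body of `destroy` continues outside the hunk.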
@@ -243,16 +204,6 @@ METHOD(prf_t, destroy, void, */ fips_prf_t *fips_prf_create(pseudo_random_function_t algo) { -<<<<<<< HEAD - private_fips_prf_t *this = malloc_thing(private_fips_prf_t); - - this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes; - this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes; - this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size; - this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size; - this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key; - this->public.prf_interface.destroy = (void (*) (prf_t *))destroy; -======= private_fips_prf_t *this; INIT(this, @@ -267,7 +218,6 @@ fips_prf_t *fips_prf_create(pseudo_random_function_t algo) }, }, ); ->>>>>>> upstream/4.5.1 switch (algo) { diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c index 202d6653a..7038da146 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c @@ -18,11 +18,6 @@ #include <library.h> #include "fips_prf.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "fips-prf"; - ->>>>>>> upstream/4.5.1 typedef struct private_fips_prf_plugin_t private_fips_prf_plugin_t; /** @@ -36,15 +31,14 @@ struct private_fips_prf_plugin_t { fips_prf_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of fips_prf_plugin_t.destroy - */ -static void destroy(private_fips_prf_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_fips_prf_plugin_t *this) +{ + return "fips-prf"; +} + METHOD(plugin_t, destroy, void, private_fips_prf_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->crypto->remove_prf(lib->crypto, (prf_constructor_t)fips_prf_create); 
@@ -56,20 +50,14 @@ METHOD(plugin_t, destroy, void, */ plugin_t *fips_prf_plugin_create() { -<<<<<<< HEAD - private_fips_prf_plugin_t *this = malloc_thing(private_fips_prf_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_prf(lib->crypto, PRF_FIPS_SHA1_160, - (prf_constructor_t)fips_prf_create); -======= private_fips_prf_plugin_t *this; prf_t *prf; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, @@ -79,10 +67,9 @@ plugin_t *fips_prf_plugin_create() if (prf) { prf->destroy(prf); - lib->crypto->add_prf(lib->crypto, PRF_FIPS_SHA1_160, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_FIPS_SHA1_160, get_name(this), (prf_constructor_t)fips_prf_create); } ->>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in index 7f5a59abd..202849eb6 100644 --- a/src/libstrongswan/plugins/gcm/Makefile.in +++ b/src/libstrongswan/plugins/gcm/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/gcm/gcm_plugin.c b/src/libstrongswan/plugins/gcm/gcm_plugin.c index 984026778..4b46f0ee4 100644 --- a/src/libstrongswan/plugins/gcm/gcm_plugin.c +++ b/src/libstrongswan/plugins/gcm/gcm_plugin.c @@ -19,11 +19,6 @@ #include "gcm_aead.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "gcm"; - ->>>>>>> upstream/4.5.1 typedef struct private_gcm_plugin_t private_gcm_plugin_t; /** @@ -37,6 +32,12 @@ struct private_gcm_plugin_t { gcm_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_gcm_plugin_t *this) +{ + return "gcm"; +} + METHOD(plugin_t, destroy, void, private_gcm_plugin_t *this) { 
@@ -52,35 +53,29 @@ METHOD(plugin_t, destroy, void, plugin_t *gcm_plugin_create() { private_gcm_plugin_t *this; -<<<<<<< HEAD -======= crypter_t *crypter; ->>>>>>> upstream/4.5.1 INIT(this, - .public.plugin.destroy = _destroy, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, ); -<<<<<<< HEAD - lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV8, - (aead_constructor_t)gcm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV12, - (aead_constructor_t)gcm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV16, - (aead_constructor_t)gcm_aead_create); -======= crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 0); if (crypter) { crypter->destroy(crypter); - lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV8, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV8, get_name(this), (aead_constructor_t)gcm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV12, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV12, get_name(this), (aead_constructor_t)gcm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV16, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV16, get_name(this), (aead_constructor_t)gcm_aead_create); } ->>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index bb4e29b3b..bedb918b9 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
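Review bot: `gcm_plugin_create()` registers the three AES-GCM AEADs only inside `if (crypter)`, and when the `ENCR_AES_CBC` probe fails it returns a plugin that registered nothing without saying so. Whether the probe succeeds presumably depends on an AES crypter having been registered before this constructor runs, which the hunk cannot confirm, and the operator gets no hint of why GCM is unavailable. An `else` branch with a log line, for example `DBG1(DBG_LIB, "gcm: no AES-CBC crypter available, AEADs not registered");`, would make the condition visible. `hmac_plugin_create()` uses the same probe-then-register pattern for each hasher.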
@@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c index c709d497f..e26277b0b 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c @@ -29,11 +29,6 @@ #include <errno.h> #include <gcrypt.h> -<<<<<<< HEAD -======= -static const char *plugin_name = "gcrypt"; - ->>>>>>> upstream/4.5.1 typedef struct private_gcrypt_plugin_t private_gcrypt_plugin_t; /** @@ -98,6 +93,12 @@ static struct gcry_thread_cbs thread_functions = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; +METHOD(plugin_t, get_name, char*, + private_gcrypt_plugin_t *this) +{ + return "gcrypt"; +} + METHOD(plugin_t, destroy, void, private_gcrypt_plugin_t *this) { 
@@ -147,161 +148,87 @@ plugin_t *gcrypt_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); /* hashers */ -<<<<<<< HEAD - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, - (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD4, - (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, - (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA224, - (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, - (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, - (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, - (hasher_constructor_t)gcrypt_hasher_create); - - /* crypters */ - lib->crypto->add_crypter(lib->crypto, ENCR_3DES, - (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAST, - (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, - (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES, - (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, - (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, - (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, - (crypter_constructor_t)gcrypt_crypter_create); -#ifdef HAVE_GCRY_CIPHER_CAMELLIA - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, - (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, - (crypter_constructor_t)gcrypt_crypter_create); -#endif /* HAVE_GCRY_CIPHER_CAMELLIA */ - lib->crypto->add_crypter(lib->crypto, ENCR_SERPENT_CBC, - 
(crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC, - (crypter_constructor_t)gcrypt_crypter_create); - - /* random numbers */ - lib->crypto->add_rng(lib->crypto, RNG_WEAK, - (rng_constructor_t)gcrypt_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_STRONG, - (rng_constructor_t)gcrypt_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_TRUE, - (rng_constructor_t)gcrypt_rng_create); - - /* diffie hellman groups, using modp */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_224, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_256, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_160, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, -======= - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this), (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD4, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD4, get_name(this), (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this), 
(hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA224, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA224, get_name(this), (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this), (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this), (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this), (hasher_constructor_t)gcrypt_hasher_create); /* crypters */ - lib->crypto->add_crypter(lib->crypto, ENCR_3DES, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_3DES, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAST, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_CAST, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_DES, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, get_name(this), 
(crypter_constructor_t)gcrypt_crypter_create); #ifdef HAVE_GCRY_CIPHER_CAMELLIA - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); #endif /* HAVE_GCRY_CIPHER_CAMELLIA */ - lib->crypto->add_crypter(lib->crypto, ENCR_SERPENT_CBC, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_SERPENT_CBC, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); /* random numbers */ - lib->crypto->add_rng(lib->crypto, RNG_WEAK, plugin_name, + lib->crypto->add_rng(lib->crypto, RNG_WEAK, get_name(this), (rng_constructor_t)gcrypt_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_STRONG, plugin_name, + lib->crypto->add_rng(lib->crypto, RNG_STRONG, get_name(this), (rng_constructor_t)gcrypt_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_TRUE, plugin_name, + lib->crypto->add_rng(lib->crypto, RNG_TRUE, get_name(this), (rng_constructor_t)gcrypt_rng_create); /* diffie hellman groups, using modp */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_224, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_224, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_256, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_256, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, plugin_name, + 
lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_160, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1024_160, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, get_name(this), (dh_constructor_t)gcrypt_dh_create_custom); /* RSA */ diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index dde840936..18592ab4a 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in 
@@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c index 798602e84..55ccd4a4f 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.c +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c @@ -20,11 +20,6 @@ #include "gmp_rsa_private_key.h" #include "gmp_rsa_public_key.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "gmp"; - ->>>>>>> upstream/4.5.1 typedef struct private_gmp_plugin_t private_gmp_plugin_t; /** @@ -38,6 +33,12 @@ struct private_gmp_plugin_t { gmp_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_gmp_plugin_t *this) +{ + return "gmp"; +} + METHOD(plugin_t, destroy, void, private_gmp_plugin_t *this) { 
@@ -64,62 +65,37 @@ plugin_t *gmp_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); -<<<<<<< HEAD - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_224, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_256, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_160, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, - (dh_constructor_t)gmp_diffie_hellman_create); - - lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, -======= - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_224, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_224, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_256, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_256, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, get_name(this), 
(dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_160, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1024_160, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create_custom); lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index e8355ab21..b9e2cd817 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in 
@@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c index c7b2739df..397a1ea11 100644 --- a/src/libstrongswan/plugins/hmac/hmac.c +++ b/src/libstrongswan/plugins/hmac/hmac.c @@ -147,8 +147,8 @@ METHOD(hmac_t, destroy, void, private_hmac_t *this) { this->h->destroy(this->h); - free(this->opaded_key.ptr); - free(this->ipaded_key.ptr); + chunk_clear(&this->opaded_key); + chunk_clear(&this->ipaded_key); free(this); } diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c index c15a29b1c..47d6d3cde 100644 --- a/src/libstrongswan/plugins/hmac/hmac_plugin.c +++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c 
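Review bot: The switch from `free()` to `chunk_clear()` in `destroy()` of hmac.c has no comment saying why, and a later cleanup could easily turn it back into a plain `free()`. A short why-comment above the two calls would protect it: `/* ipad/opad buffers hold key-derived material: wipe before release */`. It is also worth checking that any other place that replaces `opaded_key` or `ipaded_key` (a key-setting method, if there is one outside this hunk) wipes the old buffers the same way. The first line of the `destroy` signature sits in the hunk header rather than in the hunk body.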
@@ -19,11 +19,6 @@ #include "hmac_signer.h" #include "hmac_prf.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "hmac"; - ->>>>>>> upstream/4.5.1 typedef struct private_hmac_plugin_t private_hmac_plugin_t; /** @@ -37,6 +32,12 @@ struct private_hmac_plugin_t { hmac_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_hmac_plugin_t *this) +{ + return "hmac"; +} + METHOD(plugin_t, destroy, void, private_hmac_plugin_t *this) { 
@@ -53,74 +54,40 @@ METHOD(plugin_t, destroy, void, plugin_t *hmac_plugin_create() { private_hmac_plugin_t *this; -<<<<<<< HEAD -======= hasher_t *hasher; ->>>>>>> upstream/4.5.1 INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); -<<<<<<< HEAD - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, - (prf_constructor_t)hmac_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA1, - (prf_constructor_t)hmac_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5, - (prf_constructor_t)hmac_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_384, - (prf_constructor_t)hmac_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_512, - (prf_constructor_t)hmac_prf_create); - - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_96, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_160, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_256, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_384, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, - (signer_constructor_t)hmac_signer_create); -======= hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher) { hasher->destroy(hasher); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA1, 
plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA1, get_name(this), (prf_constructor_t)hmac_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_96, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_96, get_name(this), (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128, get_name(this), (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_160, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_160, get_name(this), (signer_constructor_t)hmac_signer_create); } hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA256); if (hasher) { hasher->destroy(hasher); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, get_name(this), (prf_constructor_t)hmac_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, get_name(this), (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_256, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_256, get_name(this), (signer_constructor_t)hmac_signer_create); } 
@@ -128,34 +95,33 @@ plugin_t *hmac_plugin_create() if (hasher) { hasher->destroy(hasher); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5, get_name(this), (prf_constructor_t)hmac_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, get_name(this), (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, get_name(this), (signer_constructor_t)hmac_signer_create); } hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA384); if (hasher) { hasher->destroy(hasher); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_384, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_384, get_name(this), (prf_constructor_t)hmac_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, get_name(this), (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_384, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_384, get_name(this), (signer_constructor_t)hmac_signer_create); } hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA512); if (hasher) { hasher->destroy(hasher); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_512, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_512, get_name(this), (prf_constructor_t)hmac_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, get_name(this), (signer_constructor_t)hmac_signer_create); } ->>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index 7dd7e92f0..b496ace28 100644 
--- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c index 57c367ca1..fc6114b0a 100644 --- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c +++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c @@ -100,13 +100,8 @@ static bool parse(LDAP *ldap, LDAPMessage *result, chunk_t *response) } -<<<<<<< HEAD -static status_t fetch(private_ldap_fetcher_t *this, char *url, - chunk_t *result, va_list args) -======= METHOD(fetcher_t, fetch, status_t, - private_ldap_fetcher_t *this, char *url, chunk_t *result) ->>>>>>> upstream/4.5.1 + private_ldap_fetcher_t *this, char *url, void *userdata) { LDAP *ldap; LDAPURLDesc *lurl; 
@@ -115,6 +110,7 @@ METHOD(fetcher_t, fetch, status_t, int ldap_version = LDAP_VERSION3; struct timeval timeout; status_t status = FAILED; + chunk_t *result = userdata; if (!strneq(url, "ldap", 4)) { @@ -171,15 +167,8 @@ METHOD(fetcher_t, fetch, status_t, } -<<<<<<< HEAD -/** - * Implementation of fetcher_t.set_option. - */ -static bool set_option(private_ldap_fetcher_t *this, fetcher_option_t option, ...) -======= METHOD(fetcher_t, set_option, bool, private_ldap_fetcher_t *this, fetcher_option_t option, ...) ->>>>>>> upstream/4.5.1 { va_list args; @@ -196,15 +185,8 @@ METHOD(fetcher_t, set_option, bool, } } -<<<<<<< HEAD -/** - * Implements ldap_fetcher_t.destroy - */ -static void destroy(private_ldap_fetcher_t *this) -======= METHOD(fetcher_t, destroy, void, private_ldap_fetcher_t *this) ->>>>>>> upstream/4.5.1 { free(this); } @@ -214,15 +196,6 @@ METHOD(fetcher_t, destroy, void, */ ldap_fetcher_t *ldap_fetcher_create() { -<<<<<<< HEAD - private_ldap_fetcher_t *this = malloc_thing(private_ldap_fetcher_t); - - this->public.interface.fetch = (status_t(*)(fetcher_t*,char*,chunk_t*))fetch; - this->public.interface.set_option = (bool(*)(fetcher_t*, fetcher_option_t option, ...))set_option; - this->public.interface.destroy = (void (*)(fetcher_t*))destroy; - - this->timeout = DEFAULT_TIMEOUT; -======= private_ldap_fetcher_t *this; INIT(this, @@ -235,7 +208,6 @@ ldap_fetcher_t *ldap_fetcher_create() }, .timeout = DEFAULT_TIMEOUT, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.c b/src/libstrongswan/plugins/ldap/ldap_plugin.c index 434a023ce..08d9748ce 100644 --- a/src/libstrongswan/plugins/ldap/ldap_plugin.c +++ b/src/libstrongswan/plugins/ldap/ldap_plugin.c 
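Review bot: `chunk_t *result = userdata;` in `fetch()` treats the untyped `userdata` as a `chunk_t*` with no check and no comment, so the contract now lives only in the caller. If the fetcher interface allows a caller to pass some other object there (the signature change to `void *userdata` suggests it may), the response would be written through a pointer of the wrong type. At minimum document it at the declaration, e.g. `/* userdata must point to the chunk_t that receives the response */`, and consider returning `FAILED` early when `userdata` is NULL. The body of `fetch()` continues outside this hunk.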
@@ -31,15 +31,14 @@ struct private_ldap_plugin_t { ldap_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of ldap_plugin_t.destroy - */ -static void destroy(private_ldap_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_ldap_plugin_t *this) +{ + return "ldap"; +} + METHOD(plugin_t, destroy, void, private_ldap_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->fetcher->remove_fetcher(lib->fetcher, (fetcher_constructor_t)ldap_fetcher_create); @@ -51,21 +50,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *ldap_plugin_create() { -<<<<<<< HEAD - private_ldap_plugin_t *this = malloc_thing(private_ldap_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= private_ldap_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 lib->fetcher->add_fetcher(lib->fetcher, (fetcher_constructor_t)ldap_fetcher_create, "ldap://"); diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index 4f69538a8..82781054b 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/md4/md4_plugin.c b/src/libstrongswan/plugins/md4/md4_plugin.c index cdb0fe914..371bba280 100644 --- a/src/libstrongswan/plugins/md4/md4_plugin.c +++ b/src/libstrongswan/plugins/md4/md4_plugin.c @@ -18,11 +18,6 @@ #include <library.h> #include "md4_hasher.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "md4"; - ->>>>>>> upstream/4.5.1 typedef struct private_md4_plugin_t private_md4_plugin_t; /** @@ -36,15 +31,14 @@ struct private_md4_plugin_t { md4_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of md4_plugin_t.destroy - */ -static void destroy(private_md4_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_md4_plugin_t *this) +{ + return "md4"; +} + METHOD(plugin_t, destroy, void, private_md4_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)md4_hasher_create); 
@@ -56,25 +50,19 @@ METHOD(plugin_t, destroy, void, */ plugin_t *md4_plugin_create() { -<<<<<<< HEAD - private_md4_plugin_t *this = malloc_thing(private_md4_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_hasher(lib->crypto, HASH_MD4, -======= private_md4_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); - lib->crypto->add_hasher(lib->crypto, HASH_MD4, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_hasher(lib->crypto, HASH_MD4, get_name(this), (hasher_constructor_t)md4_hasher_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index c0ffec7ad..0e3c37e7e 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ 
diff --git a/src/libstrongswan/plugins/md5/md5_plugin.c b/src/libstrongswan/plugins/md5/md5_plugin.c index 015274ddf..c72284193 100644 --- a/src/libstrongswan/plugins/md5/md5_plugin.c +++ b/src/libstrongswan/plugins/md5/md5_plugin.c @@ -18,11 +18,6 @@ #include <library.h> #include "md5_hasher.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "md5"; - ->>>>>>> upstream/4.5.1 typedef struct private_md5_plugin_t private_md5_plugin_t; /** @@ -36,15 +31,14 @@ struct private_md5_plugin_t { md5_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of md5_plugin_t.destroy - */ -static void destroy(private_md5_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_md5_plugin_t *this) +{ + return "md5"; +} + METHOD(plugin_t, destroy, void, private_md5_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)md5_hasher_create); @@ -56,25 +50,19 @@ METHOD(plugin_t, destroy, void, */ plugin_t *md5_plugin_create() { -<<<<<<< HEAD - private_md5_plugin_t *this = malloc_thing(private_md5_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_hasher(lib->crypto, HASH_MD5, -======= private_md5_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this), (hasher_constructor_t)md5_hasher_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index 7a6c57dd1..32067d5b4 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in 
@@ -221,13 +221,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -248,6 +242,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -266,14 +262,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c index 0b9f8285d..5fbfa0f28 100644 --- a/src/libstrongswan/plugins/mysql/mysql_database.c +++ b/src/libstrongswan/plugins/mysql/mysql_database.c @@ -474,15 +474,8 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...) return TRUE; } -<<<<<<< HEAD -/** - * Implementation of database_t.query. - */ -static enumerator_t* query(private_mysql_database_t *this, char *sql, ...) -======= METHOD(database_t, query, enumerator_t*, private_mysql_database_t *this, char *sql, ...) ->>>>>>> upstream/4.5.1 { MYSQL_STMT *stmt; va_list args; 
@@ -568,15 +561,8 @@ METHOD(database_t, query, enumerator_t*, return (enumerator_t*)enumerator; } -<<<<<<< HEAD -/** - * Implementation of database_t.execute. - */ -static int execute(private_mysql_database_t *this, int *rowid, char *sql, ...) -======= METHOD(database_t, execute, int, private_mysql_database_t *this, int *rowid, char *sql, ...) ->>>>>>> upstream/4.5.1 { MYSQL_STMT *stmt; va_list args; @@ -604,28 +590,14 @@ METHOD(database_t, execute, int, return affected; } -<<<<<<< HEAD -/** - * Implementation of database_t.get_driver - */ -static db_driver_t get_driver(private_mysql_database_t *this) -======= METHOD(database_t, get_driver,db_driver_t, private_mysql_database_t *this) ->>>>>>> upstream/4.5.1 { return DB_MYSQL; } -<<<<<<< HEAD -/** - * Implementation of database_t.destroy - */ -static void destroy(private_mysql_database_t *this) -======= METHOD(database_t, destroy, void, private_mysql_database_t *this) ->>>>>>> upstream/4.5.1 { this->pool->destroy_function(this->pool, (void*)conn_destroy); this->mutex->destroy(this->mutex); @@ -697,14 +669,6 @@ mysql_database_t *mysql_database_create(char *uri) return NULL; } -<<<<<<< HEAD - this = malloc_thing(private_mysql_database_t); - - this->public.db.query = (enumerator_t* (*)(database_t *this, char *sql, ...))query; - this->public.db.execute = (int (*)(database_t *this, int *rowid, char *sql, ...))execute; - this->public.db.get_driver = (db_driver_t(*)(database_t*))get_driver; - this->public.db.destroy = (void(*)(database_t*))destroy; -======= INIT(this, .public = { .db = { @@ -715,7 +679,6 @@ mysql_database_t *mysql_database_create(char *uri) }, }, ); ->>>>>>> upstream/4.5.1 if (!parse_uri(this, uri)) { diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.c b/src/libstrongswan/plugins/mysql/mysql_plugin.c index 738bbeddb..579df4d50 100644 --- a/src/libstrongswan/plugins/mysql/mysql_plugin.c +++ b/src/libstrongswan/plugins/mysql/mysql_plugin.c 
@@ -32,15 +32,14 @@ struct private_mysql_plugin_t { mysql_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_mysql_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_mysql_plugin_t *this) +{ + return "mysql"; +} + METHOD(plugin_t, destroy, void, private_mysql_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->db->remove_database(lib->db, (database_constructor_t)mysql_database_create); @@ -61,18 +60,15 @@ plugin_t *mysql_plugin_create() return NULL; } -<<<<<<< HEAD - this = malloc_thing(private_mysql_plugin_t); - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 lib->db->add_database(lib->db, (database_constructor_t)mysql_database_create); diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index 4048bbd02..d1c8fce81 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -226,13 +226,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -253,6 +247,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -271,14 +267,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c index 7708af958..58401faa5 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crl.c +++ b/src/libstrongswan/plugins/openssl/openssl_crl.c @@ -382,11 +382,8 @@ static private_openssl_crl_t *create_empty() }, .get_serial = _get_serial, .get_authKeyIdentifier = _get_authKeyIdentifier, -<<<<<<< HEAD -======= .is_delta_crl = (void*)return_false, .create_delta_crl_uri_enumerator = (void*)enumerator_create_empty, ->>>>>>> upstream/4.5.1 .create_enumerator = _create_enumerator, }, }, @@ -463,9 +460,6 @@ static bool parse_extensions(private_openssl_crl_t *this) ok = parse_crlNumber_ext(this, ext); break; default: -<<<<<<< HEAD - ok = TRUE; -======= ok = X509_EXTENSION_get_critical(ext) == 0 || !lib->settings->get_bool(lib->settings, "libstrongswan.x509.enforce_critical", TRUE); @@ -474,7 +468,6 @@ static bool parse_extensions(private_openssl_crl_t *this) DBG1(DBG_LIB, "found unsupported critical X.509 " "CRL extension"); } ->>>>>>> upstream/4.5.1 break; } if (!ok) diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c index 2ed07ff0c..cd9a3bd4a 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crypter.c +++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c 
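Review bot: The new `default:` branch of parse_extensions() in openssl_crl.c logs only "found unsupported critical X.509 CRL extension", so an operator whose CRL is rejected cannot tell which extension caused it; the matching branch added to parse_extensions() in openssl_x509.c has the same gap. Resolving the OID first, for example `OBJ_obj2txt(buf, sizeof(buf), X509_EXTENSION_get_object(ext), 1);`, and printing it with `%s` in the DBG1 call would make the rejection diagnosable. A comment on the branch should also state that setting `libstrongswan.x509.enforce_critical` to false makes it accept CRLs and certificates that carry critical extensions the parser does not understand. Both functions start and end outside their hunks.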
@@ -152,7 +152,7 @@ METHOD(crypter_t, set_key, void, METHOD(crypter_t, destroy, void, private_openssl_crypter_t *this) { - free(this->key.ptr); + chunk_clear(&this->key); free(this); } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c index 32fc2bccd..78ed2811a 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c @@ -257,7 +257,7 @@ METHOD(diffie_hellman_t, destroy, void, { EC_POINT_clear_free(this->pub_key); EC_KEY_free(this->key); - chunk_free(&this->shared_secret); + chunk_clear(&this->shared_secret); free(this); } diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index cf48b4c15..96aa38bb6 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -41,11 +41,6 @@ #include "openssl_x509.h" #include "openssl_crl.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "openssl"; - ->>>>>>> upstream/4.5.1 typedef struct private_openssl_plugin_t private_openssl_plugin_t; /** @@ -198,6 +193,12 @@ static void threading_cleanup() mutex = NULL; } +METHOD(plugin_t, get_name, char*, + private_openssl_plugin_t *this) +{ + return "openssl"; +} + METHOD(plugin_t, destroy, void, private_openssl_plugin_t *this) { @@ -253,6 +254,8 @@ plugin_t *openssl_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, 
@@ -277,167 +280,85 @@ plugin_t *openssl_plugin_create() } /* crypter */ -<<<<<<< HEAD - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_3DES, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_RC5, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_IDEA, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAST, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_NULL, - (crypter_constructor_t)openssl_crypter_create); - - /* hasher */ - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD2, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD4, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA224, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, - (hasher_constructor_t)openssl_hasher_create); - - /* prf */ - lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, - 
(prf_constructor_t)openssl_sha1_prf_create); - - /* (ec) diffie hellman */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_224, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_256, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); -#ifndef OPENSSL_NO_EC - lib->crypto->add_dh(lib->crypto, ECP_256_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_384_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_521_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_224_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_192_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); -#endif /* OPENSSL_NO_EC */ - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_160, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, -======= - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, get_name(this), 
(crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_3DES, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_3DES, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_RC5, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_RC5, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_IDEA, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_IDEA, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAST, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_CAST, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_DES, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_NULL, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_NULL, get_name(this), (crypter_constructor_t)openssl_crypter_create); /* hasher */ - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD2, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD2, get_name(this), 
(hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD4, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD4, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA224, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA224, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this), (hasher_constructor_t)openssl_hasher_create); /* prf */ - lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, get_name(this), (prf_constructor_t)openssl_sha1_prf_create); /* (ec) diffie hellman */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_224, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_224, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_256, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_256, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, get_name(this), 
(dh_constructor_t)openssl_diffie_hellman_create); #ifndef OPENSSL_NO_EC - lib->crypto->add_dh(lib->crypto, ECP_256_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, ECP_256_BIT, get_name(this), (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_384_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, ECP_384_BIT, get_name(this), (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_521_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, ECP_521_BIT, get_name(this), (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_224_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, ECP_224_BIT, get_name(this), (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_192_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, ECP_192_BIT, get_name(this), (dh_constructor_t)openssl_ec_diffie_hellman_create); #endif /* OPENSSL_NO_EC */ - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_160, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1024_160, 
get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); /* rsa */ diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index 0b607c386..d1afd94cc 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -455,6 +455,7 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, return NULL; } +#ifndef OPENSSL_NO_ENGINE /** * Login to engine with a PIN specified for a keyid */ @@ -496,6 +497,7 @@ static bool login(ENGINE *engine, chunk_t keyid) } return success; } +#endif /* OPENSSL_NO_ENGINE */ /** * See header. diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index 7c7f2aa06..f7495b2ae 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -84,11 +84,7 @@ struct private_openssl_x509_t { /** * Pathlen constraint */ -<<<<<<< HEAD - int pathlen; -======= u_char pathlen; ->>>>>>> upstream/4.5.1 /** * certificate subject @@ -141,11 +137,7 @@ struct private_openssl_x509_t { linked_list_t *issuerAltNames; /** -<<<<<<< HEAD - * List of CRL URIs -======= * List of CRL URIs, as x509_cdp_t ->>>>>>> upstream/4.5.1 */ linked_list_t *crl_uris; @@ -161,8 +153,6 @@ struct private_openssl_x509_t { }; /** -<<<<<<< HEAD -======= * Destroy a CRL URI struct */ static void crl_uri_destroy(x509_cdp_t *this) 
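Review bot: The registration block in openssl_plugin_create() repeats `get_name(this)` in every add_crypter, add_hasher, add_prf and add_dh call, which pushes several of them over the line length and adds a call per registration. A local assigned once after INIT, `char *name = get_name(this);`, passed as `name` would keep each call as short as the removed `plugin_name` form. The function starts before and continues after this hunk, so any later registrations would need the same substitution.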
@@ -173,7 +163,6 @@ static void crl_uri_destroy(x509_cdp_t *this) } /** ->>>>>>> upstream/4.5.1 * Convert a GeneralName to an identification_t. */ static identification_t *general_name2id(GENERAL_NAME *name) @@ -261,12 +250,6 @@ METHOD(x509_t, get_authKeyIdentifier, chunk_t, return chunk_empty; } -<<<<<<< HEAD -METHOD(x509_t, get_pathLenConstraint, int, - private_openssl_x509_t *this) -{ - return this->pathlen; -======= METHOD(x509_t, get_constraint, u_int, private_openssl_x509_t *this, x509_constraint_t type) { @@ -277,7 +260,6 @@ METHOD(x509_t, get_constraint, u_int, default: return X509_NO_CONSTRAINT; } ->>>>>>> upstream/4.5.1 } METHOD(x509_t, create_subjectAltName_enumerator, enumerator_t*, @@ -298,16 +280,6 @@ METHOD(x509_t, create_ocsp_uri_enumerator, enumerator_t*, return this->ocsp_uris->create_enumerator(this->ocsp_uris); } -<<<<<<< HEAD -METHOD(x509_t, create_ipAddrBlock_enumerator, enumerator_t*, - private_openssl_x509_t *this) -{ - /* TODO */ - return enumerator_create_empty(); -} - -======= ->>>>>>> upstream/4.5.1 METHOD(certificate_t, get_type, certificate_type_t, private_openssl_x509_t *this) { @@ -520,11 +492,7 @@ METHOD(certificate_t, destroy, void, offsetof(identification_t, destroy)); this->issuerAltNames->destroy_offset(this->issuerAltNames, offsetof(identification_t, destroy)); -<<<<<<< HEAD - this->crl_uris->destroy_function(this->crl_uris, free); -======= this->crl_uris->destroy_function(this->crl_uris, (void*)crl_uri_destroy); ->>>>>>> upstream/4.5.1 this->ocsp_uris->destroy_function(this->ocsp_uris, free); free(this); } 
@@ -558,13 +526,6 @@ static private_openssl_x509_t *create_empty() .get_serial = _get_serial, .get_subjectKeyIdentifier = _get_subjectKeyIdentifier, .get_authKeyIdentifier = _get_authKeyIdentifier, -<<<<<<< HEAD - .get_pathLenConstraint = _get_pathLenConstraint, - .create_subjectAltName_enumerator = _create_subjectAltName_enumerator, - .create_crl_uri_enumerator = _create_crl_uri_enumerator, - .create_ocsp_uri_enumerator = _create_ocsp_uri_enumerator, - .create_ipAddrBlock_enumerator = _create_ipAddrBlock_enumerator, -======= .get_constraint = _get_constraint, .create_subjectAltName_enumerator = _create_subjectAltName_enumerator, .create_crl_uri_enumerator = _create_crl_uri_enumerator, @@ -573,18 +534,13 @@ static private_openssl_x509_t *create_empty() .create_name_constraint_enumerator = (void*)enumerator_create_empty, .create_cert_policy_enumerator = (void*)enumerator_create_empty, .create_policy_mapping_enumerator = (void*)enumerator_create_empty, ->>>>>>> upstream/4.5.1 }, }, .subjectAltNames = linked_list_create(), .issuerAltNames = linked_list_create(), .crl_uris = linked_list_create(), .ocsp_uris = linked_list_create(), -<<<<<<< HEAD - .pathlen = X509_NO_PATH_LEN_CONSTRAINT, -======= .pathlen = X509_NO_CONSTRAINT, ->>>>>>> upstream/4.5.1 .ref = 1, ); @@ -630,10 +586,7 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this, X509_EXTENSION *ext) { BASIC_CONSTRAINTS *constraints; -<<<<<<< HEAD -======= long pathlen; ->>>>>>> upstream/4.5.1 constraints = (BASIC_CONSTRAINTS*)X509V3_EXT_d2i(ext); if (constraints) @@ -644,14 +597,10 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this, } if (constraints->pathlen) { -<<<<<<< HEAD - this->pathlen = ASN1_INTEGER_get(constraints->pathlen); -======= pathlen = ASN1_INTEGER_get(constraints->pathlen); this->pathlen = (pathlen >= 0 && pathlen < 128) ? pathlen : X509_NO_CONSTRAINT; ->>>>>>> upstream/4.5.1 } BASIC_CONSTRAINTS_free(constraints); return TRUE; 
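Review bot: In parse_basicConstraints_ext(), a pathLenConstraint that ASN1_INTEGER_get() returns as negative (its error return is -1) is stored as X509_NO_CONSTRAINT, so an unparsable or invalid constraint on a CA certificate becomes indistinguishable from no constraint at all. Failing closed looks safer: `if (pathlen < 0) { BASIC_CONSTRAINTS_free(constraints); return FALSE; }` before the assignment. The `< 128` bound presumably keeps stored values clear of the X509_NO_CONSTRAINT sentinel in the new `u_char pathlen` field; the sentinel's value is not visible here, so a one-line comment stating that relationship would help. The function begins outside the hunk.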
@@ -667,16 +616,10 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, { CRL_DIST_POINTS *cdps; DIST_POINT *cdp; -<<<<<<< HEAD - identification_t *id; - char *uri; - int i, j, point_num, name_num; -======= identification_t *id, *issuer; x509_cdp_t *entry; char *uri; int i, j, k, point_num, name_num, issuer_num; ->>>>>>> upstream/4.5.1 cdps = X509V3_EXT_d2i(ext); if (!cdps) @@ -701,9 +644,6 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, { if (asprintf(&uri, "%Y", id) > 0) { -<<<<<<< HEAD - this->crl_uris->insert_first(this->crl_uris, uri); -======= if (cdp->CRLissuer) { issuer_num = sk_GENERAL_NAME_num(cdp->CRLissuer); @@ -730,16 +670,12 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, ); this->crl_uris->insert_last(this->crl_uris, entry); } ->>>>>>> upstream/4.5.1 } id->destroy(id); } } } -<<<<<<< HEAD -======= ->>>>>>> upstream/4.5.1 DIST_POINT_free(cdp); } } @@ -872,9 +808,6 @@ static bool parse_extensions(private_openssl_x509_t *this) ok = parse_crlDistributionPoints_ext(this, ext); break; default: -<<<<<<< HEAD - ok = TRUE; -======= ok = X509_EXTENSION_get_critical(ext) == 0 || !lib->settings->get_bool(lib->settings, "libstrongswan.x509.enforce_critical", TRUE); @@ -882,7 +815,6 @@ static bool parse_extensions(private_openssl_x509_t *this) { DBG1(DBG_LIB, "found unsupported critical X.509 extension"); } ->>>>>>> upstream/4.5.1 break; } if (!ok) @@ -940,8 +872,6 @@ static bool parse_certificate(private_openssl_x509_t *this) { return FALSE; } -<<<<<<< HEAD -======= if (X509_get_version(this->x509) < 0 || X509_get_version(this->x509) > 2) { DBG1(DBG_LIB, "unsupported x509 version: %d", @@ -949,7 +879,6 @@ static bool parse_certificate(private_openssl_x509_t *this) return FALSE; } ->>>>>>> upstream/4.5.1 this->subject = openssl_x509_name2id(X509_get_subject_name(this->x509)); this->issuer = openssl_x509_name2id(X509_get_issuer_name(this->x509)); 
@@ -993,11 +922,7 @@ static bool parse_certificate(private_openssl_x509_t *this) if (!parse_extensions(this)) { -<<<<<<< HEAD - return TRUE; -======= return FALSE; ->>>>>>> upstream/4.5.1 } parse_extKeyUsage(this); diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index 24c7441d7..7bc342995 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -222,13 +222,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -249,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,14 +263,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c index 06c20292f..119de86aa 100644 --- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c +++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c 
@@ -105,6 +105,8 @@ static void crypt(private_padlock_aes_crypter_t *this, char *iv, *dst = chunk_alloc(src.len); padlock_crypt(key_aligned, &cword, src.ptr, dst->ptr, src.len / AES_BLOCK_SIZE, iv_aligned); + + memwipe(key_aligned, sizeof(key_aligned)); } METHOD(crypter_t, decrypt, void, @@ -146,7 +148,7 @@ METHOD(crypter_t, set_key, void, METHOD(crypter_t, destroy, void, private_padlock_aes_crypter_t *this) { - free(this->key.ptr); + chunk_clear(&this->key); free(this); } diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.c b/src/libstrongswan/plugins/padlock/padlock_plugin.c index a78f2076b..9d4afd8e8 100644 --- a/src/libstrongswan/plugins/padlock/padlock_plugin.c +++ b/src/libstrongswan/plugins/padlock/padlock_plugin.c @@ -23,11 +23,6 @@ #include <library.h> #include <debug.h> -<<<<<<< HEAD -======= -static const char *plugin_name = "padlock"; - ->>>>>>> upstream/4.5.1 typedef struct private_padlock_plugin_t private_padlock_plugin_t; typedef enum padlock_feature_t padlock_feature_t; @@ -106,6 +101,12 @@ static padlock_feature_t get_padlock_features() return 0; } +METHOD(plugin_t, get_name, char*, + private_padlock_plugin_t *this) +{ + return "padlock"; +} + METHOD(plugin_t, destroy, void, private_padlock_plugin_t *this) { @@ -141,6 +142,8 @@ plugin_t *padlock_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, 
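Review bot: The added `memwipe(key_aligned, sizeof(key_aligned));` in crypt() clears the whole aligned key copy only if `key_aligned` is declared as an array in this function; the declaration is outside the hunk, and if it were a pointer, sizeof would cover just the pointer width. Worth confirming against the declaration. A short comment above the call, such as `/* wipe the aligned stack copy of the key */`, would record why it is there.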
@@ -166,37 +169,21 @@ plugin_t *padlock_plugin_create() if (this->features & PADLOCK_RNG_ENABLED) { -<<<<<<< HEAD - lib->crypto->add_rng(lib->crypto, RNG_TRUE, - (rng_constructor_t)padlock_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_STRONG, - (rng_constructor_t)padlock_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_WEAK, -======= - lib->crypto->add_rng(lib->crypto, RNG_TRUE, plugin_name, + lib->crypto->add_rng(lib->crypto, RNG_TRUE, get_name(this), (rng_constructor_t)padlock_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_STRONG, plugin_name, + lib->crypto->add_rng(lib->crypto, RNG_STRONG, get_name(this), (rng_constructor_t)padlock_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_WEAK, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_rng(lib->crypto, RNG_WEAK, get_name(this), (rng_constructor_t)padlock_rng_create); } if (this->features & PADLOCK_ACE2_ENABLED) { -<<<<<<< HEAD - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, -======= - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, get_name(this), (crypter_constructor_t)padlock_aes_crypter_create); } if (this->features & PADLOCK_PHE_ENABLED) { -<<<<<<< HEAD - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, -======= - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this), (hasher_constructor_t)padlock_sha1_hasher_create); } return &this->public.plugin; diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in index 5a2469145..92c7fa2fe 100644 --- a/src/libstrongswan/plugins/pem/Makefile.in +++ b/src/libstrongswan/plugins/pem/Makefile.in 
@@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/pem/pem_encoder.c b/src/libstrongswan/plugins/pem/pem_encoder.c index 2a69e4ea6..9c8237e4d 100644 --- a/src/libstrongswan/plugins/pem/pem_encoder.c +++ b/src/libstrongswan/plugins/pem/pem_encoder.c @@ -111,11 +111,7 @@ bool pem_encoder_encode(cred_encoding_type_t type, chunk_t *encoding, } /* compute and allocate maximum size of PEM object */ -<<<<<<< HEAD - pem_chars = 4*(asn1.len + 2)/3; -======= pem_chars = 4 * ((asn1.len + 2) / 3); ->>>>>>> upstream/4.5.1 pem_lines = (asn1.len + BYTES_PER_LINE - 1) / BYTES_PER_LINE; *encoding = chunk_alloc(5 + 2*(6 + strlen(label) + 6) + 3 + pem_chars + pem_lines); pos = encoding->ptr; diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c index 0e6a4788c..c81605ae5 100644 --- a/src/libstrongswan/plugins/pem/pem_plugin.c +++ b/src/libstrongswan/plugins/pem/pem_plugin.c 
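Review bot: With `pem_chars = 4 * ((asn1.len + 2) / 3);` the buffer in pem_encoder_encode() is sized to the exact padded Base64 length instead of the earlier over-estimate, so the writer below the hunk has no slack left if it and the size formula ever disagree. The comment above the line still says "maximum size"; it should read `/* compute exact padded Base64 length and allocate the PEM object */`. A debug check after encoding that `pos` has not advanced past `encoding->ptr + encoding->len` would catch a mismatch early. The write loop is outside the hunk, so its bounds could not be checked here.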
@@ -33,15 +33,14 @@ struct private_pem_plugin_t { pem_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of pem_plugin_t.pemtroy - */ -static void destroy(private_pem_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_pem_plugin_t *this) +{ + return "pem"; +} + METHOD(plugin_t, destroy, void, private_pem_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)pem_private_key_load); @@ -57,21 +56,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *pem_plugin_create() { -<<<<<<< HEAD - private_pem_plugin_t *this = malloc_thing(private_pem_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= private_pem_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 /* register private key PEM decoding builders */ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE, diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in index 336e293be..6be915f29 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.in +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c index 762eb061f..52e9d96b1 100644 --- a/src/libstrongswan/plugins/pgp/pgp_plugin.c +++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c @@ -33,15 +33,14 @@ struct private_pgp_plugin_t { pgp_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of pgp_plugin_t.pgptroy - */ -static void destroy(private_pgp_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_pgp_plugin_t *this) +{ + return "pgp"; +} + METHOD(plugin_t, destroy, void, private_pgp_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)pgp_public_key_load); @@ -61,22 +60,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *pgp_plugin_create() { -<<<<<<< HEAD - private_pgp_plugin_t *this = malloc_thing(private_pgp_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - -======= private_pgp_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)pgp_public_key_load); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE, 
@@ -85,15 +79,8 @@ plugin_t *pgp_plugin_create() (builder_function_t)pgp_private_key_load); lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, (builder_function_t)pgp_private_key_load); -<<<<<<< HEAD - - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE, - (builder_function_t)pgp_cert_load); - -======= lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE, (builder_function_t)pgp_cert_load); ->>>>>>> upstream/4.5.1 lib->encoding->add_encoder(lib->encoding, pgp_encoder_encode); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index 2169d022c..1ae880c3b 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -221,13 +221,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -248,6 +242,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -266,14 +262,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ 
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c index 88c848899..a605fabc7 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c @@ -57,7 +57,7 @@ static public_key_t *parse_public_key(chunk_t blob) int oid = asn1_parse_algorithmIdentifier(object, parser->get_level(parser)+1, NULL); - if (oid == OID_RSA_ENCRYPTION) + if (oid == OID_RSA_ENCRYPTION || oid == OID_RSAES_OAEP) { type = KEY_RSA; } diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c index d91de0e7f..e0e24cab2 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c @@ -32,15 +32,14 @@ struct private_pkcs1_plugin_t { pkcs1_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of pkcs1_plugin_t.pkcs1troy - */ -static void destroy(private_pkcs1_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_pkcs1_plugin_t *this) +{ + return "pkcs1"; +} + METHOD(plugin_t, destroy, void, private_pkcs1_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)pkcs1_public_key_load); @@ -57,21 +56,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *pkcs1_plugin_create() { -<<<<<<< HEAD - private_pkcs1_plugin_t *this = malloc_thing(private_pkcs1_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= private_pkcs1_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)pkcs1_public_key_load); diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in index 8d6bad565..1a67f88cc 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.in 
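Review bot: Accepting `OID_RSAES_OAEP` in parse_public_key() maps such a key to plain `KEY_RSA`, which drops the restriction the algorithm identifier expresses: a key published for RSAES-OAEP only would afterwards be usable for whatever RSA operation a caller requests. The third argument of `asn1_parse_algorithmIdentifier()` is `NULL`, so the OAEP parameters appear to be discarded as well (presumably that argument receives them; confirm). If this is deliberate for interoperability, say so next to the condition, e.g. `/* RSAES-OAEP keys are loaded as generic RSA keys, the OAEP-only restriction is not enforced */`. parse_public_key() continues outside the hunk.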
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c index 6783699e5..a81ec1147 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c @@ -55,16 +55,6 @@ struct private_pkcs11_creds_t { * Find certificates, optionally trusted */ static void find_certificates(private_pkcs11_creds_t *this, -<<<<<<< HEAD - CK_SESSION_HANDLE session, CK_BBOOL trusted) -{ - CK_OBJECT_CLASS class = CKO_CERTIFICATE; - CK_CERTIFICATE_TYPE type = CKC_X_509; - CK_ATTRIBUTE tmpl[] = { - {CKA_CLASS, &class, sizeof(class)}, - {CKA_CERTIFICATE_TYPE, &type, sizeof(type)}, - {CKA_TRUSTED, &trusted, sizeof(trusted)}, -======= CK_SESSION_HANDLE session) { CK_OBJECT_CLASS class = CKO_CERTIFICATE; 
@@ -73,16 +63,12 @@ static void find_certificates(private_pkcs11_creds_t *this, CK_ATTRIBUTE tmpl[] = { {CKA_CLASS, &class, sizeof(class)}, {CKA_CERTIFICATE_TYPE, &type, sizeof(type)}, ->>>>>>> upstream/4.5.1 }; CK_OBJECT_HANDLE object; CK_ATTRIBUTE attr[] = { {CKA_VALUE, NULL, 0}, {CKA_LABEL, NULL, 0}, -<<<<<<< HEAD -======= {CKA_TRUSTED, &trusted, sizeof(trusted)} ->>>>>>> upstream/4.5.1 }; enumerator_t *enumerator; linked_list_t *raw; @@ -90,13 +76,6 @@ static void find_certificates(private_pkcs11_creds_t *this, struct { chunk_t value; chunk_t label; -<<<<<<< HEAD - } *entry; - - raw = linked_list_create(); - enumerator = this->lib->create_object_enumerator(this->lib, - session, tmpl, countof(tmpl), attr, countof(attr)); -======= bool trusted; } *entry; int count = countof(attr); @@ -110,7 +89,6 @@ static void find_certificates(private_pkcs11_creds_t *this, } enumerator = this->lib->create_object_enumerator(this->lib, session, tmpl, countof(tmpl), attr, count); ->>>>>>> upstream/4.5.1 while (enumerator->enumerate(enumerator, &object)) { entry = malloc(sizeof(*entry)); @@ -118,10 +96,7 @@ static void find_certificates(private_pkcs11_creds_t *this, chunk_create(attr[0].pValue, attr[0].ulValueLen)); entry->label = chunk_clone( chunk_create(attr[1].pValue, attr[1].ulValueLen)); -<<<<<<< HEAD -======= entry->trusted = trusted; ->>>>>>> upstream/4.5.1 raw->insert_last(raw, entry); } enumerator->destroy(enumerator); 
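Review bot: `entry->trusted = trusted;` records whatever `trusted` holds after each enumerate() step, and the enumerator is now created with `count` rather than `countof(attr)`, so `CKA_TRUSTED`, the last entry of `attr`, can apparently be left out of the query. In that case `trusted` keeps its initial value, which is declared outside the hunks shown. It should start as `CK_FALSE`, so that a module unable to report the attribute does not get every certificate on the token added to `this->trusted`. If treating such certificates as trusted is the intended policy, that deserves an explicit comment at the declaration.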
@@ -134,17 +109,10 @@ static void find_certificates(private_pkcs11_creds_t *this, if (cert) { DBG1(DBG_CFG, " loaded %strusted cert '%.*s'", -<<<<<<< HEAD - trusted ? "" : "un", entry->label.len, entry->label.ptr); - /* trusted certificates are also returned as untrusted */ - this->untrusted->insert_last(this->untrusted, cert); - if (trusted) -======= entry->trusted ? "" : "un", entry->label.len, entry->label.ptr); /* trusted certificates are also returned as untrusted */ this->untrusted->insert_last(this->untrusted, cert); if (entry->trusted) ->>>>>>> upstream/4.5.1 { this->trusted->insert_last(this->trusted, cert->get_ref(cert)); } @@ -177,12 +145,7 @@ static bool load_certificates(private_pkcs11_creds_t *this) return FALSE; } -<<<<<<< HEAD - find_certificates(this, session, CK_TRUE); - find_certificates(this, session, CK_FALSE); -======= find_certificates(this, session); ->>>>>>> upstream/4.5.1 this->lib->f->C_CloseSession(session); return TRUE; diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c index 6d819da34..6f7926808 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c @@ -466,14 +466,11 @@ struct private_pkcs11_library_t { * Name as passed to the constructor */ char *name; -<<<<<<< HEAD -======= /** * Supported feature set */ pkcs11_feature_t features; ->>>>>>> upstream/4.5.1 }; METHOD(pkcs11_library_t, get_name, char*, @@ -482,15 +479,12 @@ METHOD(pkcs11_library_t, get_name, char*, return this->name; } -<<<<<<< HEAD -======= METHOD(pkcs11_library_t, get_features, pkcs11_feature_t, private_pkcs11_library_t *this) { return this->features; } ->>>>>>> upstream/4.5.1 /** * Object enumerator */ 
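Review bot: In the `DBG1(DBG_CFG, " loaded %strusted cert '%.*s'", ...)` call of find_certificates(), `entry->label.len` is passed for the `*` precision, which must be an `int`. If `chunk_t.len` is a `size_t` (its definition is not part of this diff), the argument types are mismatched on 64-bit targets. Casting at the call site, `entry->trusted ? "" : "un", (int)entry->label.len, entry->label.ptr);`, fixes it.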
@@ -783,11 +777,6 @@ static CK_RV UnlockMutex(CK_VOID_PTR data) } /** -<<<<<<< HEAD - * Initialize a PKCS#11 library - */ -static bool initialize(private_pkcs11_library_t *this, char *name, char *file) -======= * Check if the library has at least a given cryptoki version */ static bool has_version(CK_INFO *info, int major, int minor) @@ -814,27 +803,19 @@ static void check_features(private_pkcs11_library_t *this, CK_INFO *info) */ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, bool os_locking) ->>>>>>> upstream/4.5.1 { CK_C_GetFunctionList pC_GetFunctionList; CK_INFO info; CK_RV rv; -<<<<<<< HEAD - CK_C_INITIALIZE_ARGS args = { -======= static CK_C_INITIALIZE_ARGS args = { ->>>>>>> upstream/4.5.1 .CreateMutex = CreateMutex, .DestroyMutex = DestroyMutex, .LockMutex = LockMutex, .UnlockMutex = UnlockMutex, }; -<<<<<<< HEAD -======= static CK_C_INITIALIZE_ARGS args_os = { .flags = CKF_OS_LOCKING_OK, }; ->>>>>>> upstream/4.5.1 pC_GetFunctionList = dlsym(this->handle, "C_GetFunctionList"); if (!pC_GetFunctionList) @@ -849,16 +830,6 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, name, ck_rv_names, rv); return FALSE; } -<<<<<<< HEAD - - rv = this->public.f->C_Initialize(&args); - if (rv == CKR_CANT_LOCK) - { /* try OS locking */ - memset(&args, 0, sizeof(args)); - args.flags = CKF_OS_LOCKING_OK; - rv = this->public.f->C_Initialize(&args); - } -======= if (os_locking) { rv = CKR_CANT_LOCK; @@ -872,7 +843,6 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, os_locking = TRUE; rv = this->public.f->C_Initialize(&args_os); } ->>>>>>> upstream/4.5.1 if (rv != CKR_OK) { DBG1(DBG_CFG, "C_Initialize() error for '%s': %N", 
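Review bot: `args` and `args_os` in initialize() are changed to `static`, but nothing says why. If the reason is that a module may keep the pointer passed to `C_Initialize()` beyond the call, note that above the declarations, e.g. `/* static: a module may keep referencing the init args after C_Initialize() */`; as written, both structs are also writable and shared by every library initialized through this function. Setting `rv = CKR_CANT_LOCK` by hand to reach the OS-locking branch would likewise benefit from a short comment. initialize() extends beyond the hunks shown.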
@@ -898,40 +868,26 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, DBG1(DBG_CFG, " %s: %s v%d.%d", info.manufacturerID, info.libraryDescription, info.libraryVersion.major, info.libraryVersion.minor); -<<<<<<< HEAD - if (args.flags & CKF_OS_LOCKING_OK) - { - DBG1(DBG_CFG, " uses OS locking functions"); - } -======= if (os_locking) { DBG1(DBG_CFG, " uses OS locking functions"); } check_features(this, &info); ->>>>>>> upstream/4.5.1 return TRUE; } /** * See header */ -<<<<<<< HEAD -pkcs11_library_t *pkcs11_library_create(char *name, char *file) -======= pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking) ->>>>>>> upstream/4.5.1 { private_pkcs11_library_t *this; INIT(this, .public = { .get_name = _get_name, -<<<<<<< HEAD -======= .get_features = _get_features, ->>>>>>> upstream/4.5.1 .create_object_enumerator = _create_object_enumerator, .create_mechanism_enumerator = _create_mechanism_enumerator, .destroy = _destroy, @@ -947,11 +903,7 @@ pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking) return NULL; } -<<<<<<< HEAD - if (!initialize(this, name, file)) -======= if (!initialize(this, name, file, os_locking)) ->>>>>>> upstream/4.5.1 { dlclose(this->handle); free(this); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h index 384258089..abe023448 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h @@ -21,10 +21,7 @@ #ifndef PKCS11_LIBRARY_H_ #define PKCS11_LIBRARY_H_ -<<<<<<< HEAD -======= typedef enum pkcs11_feature_t pkcs11_feature_t; ->>>>>>> upstream/4.5.1 typedef struct pkcs11_library_t pkcs11_library_t; #include "pkcs11.h" @@ -33,8 +30,6 @@ typedef struct pkcs11_library_t pkcs11_library_t; #include <utils/enumerator.h> /** -<<<<<<< HEAD -======= * Optional PKCS#11 features some libraries support, some not */ enum pkcs11_feature_t { 
@@ -45,7 +40,6 @@ enum pkcs11_feature_t { }; /** ->>>>>>> upstream/4.5.1 * A loaded and initialized PKCS#11 library. */ struct pkcs11_library_t { @@ -63,8 +57,6 @@ struct pkcs11_library_t { char* (*get_name)(pkcs11_library_t *this); /** -<<<<<<< HEAD -======= * Get the feature set supported by this library. * * @return ORed set of features supported @@ -72,7 +64,6 @@ struct pkcs11_library_t { pkcs11_feature_t (*get_features)(pkcs11_library_t *this); /** ->>>>>>> upstream/4.5.1 * Create an enumerator over CK_OBJECT_HANDLE using a search template. * * An optional attribute array is automatically filled in with the @@ -130,15 +121,9 @@ void pkcs11_library_trim(char *str, int len); * * @param name an arbitrary name, for debugging * @param file pkcs11 library file to dlopen() -<<<<<<< HEAD - * @return library abstraction - */ -pkcs11_library_t *pkcs11_library_create(char *name, char *file); -======= * @param os_lock enforce OS Locking for this library * @return library abstraction */ pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_lock); ->>>>>>> upstream/4.5.1 #endif /** PKCS11_LIBRARY_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c index b7ca3538c..431cd6a2c 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c 
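Review bot: The prototype names the new parameter `os_lock` (`pkcs11_library_create(char *name, char *file, bool os_lock)`), while the definition in pkcs11_library.c uses `os_locking`, as does the `os_locking` settings key read in pkcs11_manager.c. Using one name throughout, `bool os_locking` with `@param os_locking enforce OS locking for this library`, keeps header, implementation and configuration searchable under a single term.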
@@ -369,18 +369,14 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb, "libstrongswan.plugins.pkcs11.modules.%s.path", NULL, module); if (!entry->path) { - DBG1(DBG_CFG, "PKCS11 module '%s' misses library path", module); + DBG1(DBG_CFG, "PKCS11 module '%s' lacks library path", module); free(entry); continue; } -<<<<<<< HEAD - entry->lib = pkcs11_library_create(module, entry->path); -======= entry->lib = pkcs11_library_create(module, entry->path, lib->settings->get_bool(lib->settings, "libstrongswan.plugins.pkcs11.modules.%s.os_locking", FALSE, module)); ->>>>>>> upstream/4.5.1 if (!entry->lib) { free(entry); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c index b02873870..7b537cfa7 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c @@ -26,11 +26,6 @@ #include "pkcs11_public_key.h" #include "pkcs11_hasher.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "pkcs11"; - ->>>>>>> upstream/4.5.1 typedef struct private_pkcs11_plugin_t private_pkcs11_plugin_t; /** @@ -106,6 +101,12 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11, } } +METHOD(plugin_t, get_name, char*, + private_pkcs11_plugin_t *this) +{ + return "pkcs11"; +} + METHOD(plugin_t, destroy, void, private_pkcs11_plugin_t *this) { @@ -139,6 +140,8 @@ plugin_t *pkcs11_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, 
@@ -151,31 +154,17 @@ plugin_t *pkcs11_plugin_create() if (lib->settings->get_bool(lib->settings, "libstrongswan.plugins.pkcs11.use_hasher", FALSE)) { -<<<<<<< HEAD - lib->crypto->add_hasher(lib->crypto, HASH_MD2, - (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, - (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, - (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, - (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, - (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, -======= - lib->crypto->add_hasher(lib->crypto, HASH_MD2, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD2, get_name(this), (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this), (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this), (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this), (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this), (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this), (hasher_constructor_t)pkcs11_hasher_create); } diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c index 6d2c93c98..b4cc7a805 100644 
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -401,20 +401,6 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid) }; CK_OBJECT_HANDLE object; CK_KEY_TYPE type; -<<<<<<< HEAD - CK_BBOOL reauth; - CK_ATTRIBUTE attr[] = { - {CKA_KEY_TYPE, &type, sizeof(type)}, - {CKA_ALWAYS_AUTHENTICATE, &reauth, sizeof(reauth)}, - {CKA_MODULUS, NULL, 0}, - {CKA_PUBLIC_EXPONENT, NULL, 0}, - }; - enumerator_t *enumerator; - chunk_t modulus, pubexp; - - enumerator = this->lib->create_object_enumerator(this->lib, - this->session, tmpl, countof(tmpl), attr, countof(attr)); -======= CK_BBOOL reauth = FALSE; CK_ATTRIBUTE attr[] = { {CKA_KEY_TYPE, &type, sizeof(type)}, @@ -433,28 +419,18 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid) } enumerator = this->lib->create_object_enumerator(this->lib, this->session, tmpl, countof(tmpl), attr, count); ->>>>>>> upstream/4.5.1 if (enumerator->enumerate(enumerator, &object)) { switch (type) { case CKK_RSA: -<<<<<<< HEAD - if (attr[2].ulValueLen == -1 || attr[3].ulValueLen == -1) -======= if (attr[1].ulValueLen == -1 || attr[2].ulValueLen == -1) ->>>>>>> upstream/4.5.1 { DBG1(DBG_CFG, "reading modulus/exponent from PKCS#1 failed"); break; } -<<<<<<< HEAD - modulus = chunk_create(attr[2].pValue, attr[2].ulValueLen); - pubexp = chunk_create(attr[3].pValue, attr[3].ulValueLen); -======= modulus = chunk_create(attr[1].pValue, attr[1].ulValueLen); pubexp = chunk_create(attr[2].pValue, attr[2].ulValueLen); ->>>>>>> upstream/4.5.1 this->pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, BUILD_RSA_MODULUS, modulus, BUILD_RSA_PUB_EXP, pubexp, BUILD_END); diff --git a/src/libstrongswan/plugins/plugin.h b/src/libstrongswan/plugins/plugin.h index 6d8a370fb..5c92fd1d8 100644 --- a/src/libstrongswan/plugins/plugin.h +++ b/src/libstrongswan/plugins/plugin.h 
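Review bot: `attr[1].ulValueLen == -1 || attr[2].ulValueLen == -1` in find_key() compares what is presumably an unsigned length field with a signed literal, and it addresses modulus and exponent by bare array position, which is exactly what this change had to renumber from 2/3 to 1/2. Writing the sentinel in the field's type, `attr[1].ulValueLen == (CK_ULONG)-1`, and naming the two indices (an enum, or two local `CK_ATTRIBUTE*`) would make the next reordering of `attr` safe. find_key() starts and ends outside the hunk.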
@@ -21,6 +21,8 @@ #ifndef PLUGIN_H_ #define PLUGIN_H_ +#include <utils.h> + typedef struct plugin_t plugin_t; /** @@ -29,6 +31,20 @@ typedef struct plugin_t plugin_t; struct plugin_t { /** + * Get the name of the plugin. + * + * @return plugin name + */ + char* (*get_name)(plugin_t *this); + + /** + * Try to reload plugin configuration. + * + * @return TRUE if reloaded, FALSE if reloading not supporty by plugin + */ + bool (*reload)(plugin_t *this); + + /** * Destroy a plugin instance. */ void (*destroy)(plugin_t *this); diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index 4429d9436..b4d7bf7c7 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -43,24 +43,8 @@ struct private_plugin_loader_t { * list of loaded plugins */ linked_list_t *plugins; - - /** - * names of loaded plugins - */ - linked_list_t *names; }; -<<<<<<< HEAD -#ifdef MONOLITHIC -/** - * load a single plugin in monolithic mode - */ -static plugin_t* load_plugin(private_plugin_loader_t *this, - char *path, char *name) -{ - char create[128]; - plugin_t *plugin; -======= /** * create a plugin * returns: NOT_FOUND, if the constructor was not found 
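Review bot: The new member is declared `char* (*get_name)(plugin_t *this);`, yet every implementation added in this diff returns a string literal (`return "padlock";`, `return "pem";` and so on), so a caller writing through the result hits undefined behaviour with no compiler warning. Declaring it `const char* (*get_name)(plugin_t *this);`, with the matching change in the METHOD definitions, documents that the name is read-only. The `reload` comment has a typo: `FALSE if reloading not supporty by plugin` should read `FALSE if reloading is not supported by the plugin`. Both members are inserted ahead of `destroy`, so plugins built against the previous header are not binary compatible, which is worth stating in the struct comment.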
@@ -70,44 +54,17 @@ static status_t create_plugin(private_plugin_loader_t *this, void *handle, char *name, bool integrity, plugin_t **plugin) { char create[128]; ->>>>>>> upstream/4.5.1 plugin_constructor_t constructor; if (snprintf(create, sizeof(create), "%s_plugin_create", name) >= sizeof(create)) { -<<<<<<< HEAD - return NULL; - } - translate(create, "-", "_"); - constructor = dlsym(RTLD_DEFAULT, create); - if (constructor == NULL) - { - DBG1(DBG_LIB, "plugin '%s': failed to load - %s not found", name, - create); - return NULL; - } - plugin = constructor(); - if (plugin == NULL) - { - DBG1(DBG_LIB, "plugin '%s': failed to load - %s returned NULL", name, - create); - return NULL; - } - DBG2(DBG_LIB, "plugin '%s': loaded successfully", name); - - return plugin; -} -#else -======= return FAILED; } translate(create, "-", "_"); constructor = dlsym(handle, create); if (constructor == NULL) { - DBG2(DBG_LIB, "plugin '%s': failed to load - %s not found", name, - create); return NOT_FOUND; } if (integrity && lib->integrity) @@ -131,29 +88,12 @@ static status_t create_plugin(private_plugin_loader_t *this, void *handle, return SUCCESS; } ->>>>>>> upstream/4.5.1 /** * load a single plugin */ static plugin_t* load_plugin(private_plugin_loader_t *this, char *path, char *name) { -<<<<<<< HEAD - char create[128]; - char file[PATH_MAX]; - void *handle; - plugin_t *plugin; - plugin_constructor_t constructor; - - if (snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, - name) >= sizeof(file) || - snprintf(create, sizeof(create), "%s_plugin_create", - name) >= sizeof(create)) - { - return NULL; - } - translate(create, "-", "_"); -======= char file[PATH_MAX]; void *handle; plugin_t *plugin; @@ -174,7 +114,6 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, { return NULL; } ->>>>>>> upstream/4.5.1 if (lib->integrity) { if (!lib->integrity->check_file(lib->integrity, name, file)) 
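Review bot: create_plugin() gains an `integrity` flag and runs the segment check only under `if (integrity && lib->integrity)`, so any caller passing `FALSE` gets a constructor resolved by `dlsym()` and invoked without verification even when an integrity checker is configured. The call sites that pass `FALSE` are outside the hunks shown. The header comment should state when skipping the check is acceptable, for example `@param integrity  TRUE to verify the constructor's segment if an integrity checker is active`, plus a sentence on which handles may be used with `FALSE`. The function's comment block starts in the previous hunk and its body is only partly visible here.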
@@ -190,42 +129,6 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, DBG1(DBG_LIB, "plugin '%s' failed to load: %s", name, dlerror()); return NULL; } -<<<<<<< HEAD - constructor = dlsym(handle, create); - if (constructor == NULL) - { - DBG1(DBG_LIB, "plugin '%s': failed to load - %s not found", name, - create); - dlclose(handle); - return NULL; - } - if (lib->integrity) - { - if (!lib->integrity->check_segment(lib->integrity, name, constructor)) - { - DBG1(DBG_LIB, "plugin '%s': failed segment integrity test", name); - dlclose(handle); - return NULL; - } - DBG1(DBG_LIB, "plugin '%s': passed file and segment integrity tests", - name); - } - plugin = constructor(); - if (plugin == NULL) - { - DBG1(DBG_LIB, "plugin '%s': failed to load - %s returned NULL", name, - create); - dlclose(handle); - return NULL; - } - DBG2(DBG_LIB, "plugin '%s': loaded successfully", name); - - /* we do not store or free dlopen() handles, leak_detective requires - * the modules to keep loaded until leak report */ - return plugin; -} -#endif -======= if (create_plugin(this, handle, name, TRUE, &plugin) != SUCCESS) { dlclose(handle); @@ -243,12 +146,12 @@ static bool plugin_loaded(private_plugin_loader_t *this, char *name) { enumerator_t *enumerator; bool found = FALSE; - char *current; + plugin_t *plugin; - enumerator = this->names->create_enumerator(this->names); - while (enumerator->enumerate(enumerator, ¤t)) + enumerator = this->plugins->create_enumerator(this->plugins); + while (enumerator->enumerate(enumerator, &plugin)) { - if (streq(name, current)) + if (streq(plugin->get_name(plugin), name)) { found = TRUE; break; 
@@ -257,29 +160,18 @@ static bool plugin_loaded(private_plugin_loader_t *this, char *name) enumerator->destroy(enumerator); return found; } ->>>>>>> upstream/4.5.1 -/** - * Implementation of plugin_loader_t.load_plugins. - */ -static bool load(private_plugin_loader_t *this, char *path, char *list) +METHOD(plugin_loader_t, load_plugins, bool, + private_plugin_loader_t *this, char *path, char *list) { enumerator_t *enumerator; char *token; bool critical_failed = FALSE; -<<<<<<< HEAD -#ifndef MONOLITHIC -======= ->>>>>>> upstream/4.5.1 if (path == NULL) { path = PLUGINDIR; } -<<<<<<< HEAD -#endif -======= ->>>>>>> upstream/4.5.1 enumerator = enumerator_create_token(list, " ", " "); while (!critical_failed && enumerator->enumerate(enumerator, &token)) @@ -295,19 +187,15 @@ static bool load(private_plugin_loader_t *this, char *path, char *list) critical = TRUE; token[len-1] = '\0'; } -<<<<<<< HEAD -======= if (plugin_loaded(this, token)) { free(token); continue; } ->>>>>>> upstream/4.5.1 plugin = load_plugin(this, path, token); if (plugin) { this->plugins->insert_last(this->plugins, plugin); - this->names->insert_last(this->names, token); } else { @@ -316,20 +204,17 @@ static bool load(private_plugin_loader_t *this, char *path, char *list) critical_failed = TRUE; DBG1(DBG_LIB, "loading critical plugin '%s' failed", token); } - free(token); } + free(token); } enumerator->destroy(enumerator); return !critical_failed; } -/** - * Implementation of plugin_loader_t.unload - */ -static void unload(private_plugin_loader_t *this) +METHOD(plugin_loader_t, unload, void, + private_plugin_loader_t *this) { plugin_t *plugin; - char *name; /* unload plugins in reverse order */ while (this->plugins->remove_last(this->plugins, 
@@ -337,27 +222,64 @@ static void unload(private_plugin_loader_t *this) { plugin->destroy(plugin); } - while (this->names->remove_last(this->names, (void**)&name) == SUCCESS) - { - free(name); - } } -/** - * Implementation of plugin_loader_t.create_plugin_enumerator - */ -static enumerator_t* create_plugin_enumerator(private_plugin_loader_t *this) +METHOD(plugin_loader_t, create_plugin_enumerator, enumerator_t*, + private_plugin_loader_t *this) { - return this->names->create_enumerator(this->names); + return this->plugins->create_enumerator(this->plugins); } /** - * Implementation of plugin_loader_t.destroy + * Reload a plugin by name, NULL for all */ -static void destroy(private_plugin_loader_t *this) +static u_int reload_by_name(private_plugin_loader_t *this, char *name) +{ + u_int reloaded = 0; + enumerator_t *enumerator; + plugin_t *plugin; + + enumerator = create_plugin_enumerator(this); + while (enumerator->enumerate(enumerator, &plugin)) + { + if (name == NULL || streq(name, plugin->get_name(plugin))) + { + if (plugin->reload(plugin)) + { + DBG2(DBG_LIB, "reloaded configuration of '%s' plugin", + plugin->get_name(plugin)); + reloaded++; + } + } + } + enumerator->destroy(enumerator); + return reloaded; +} + +METHOD(plugin_loader_t, reload, u_int, + private_plugin_loader_t *this, char *list) +{ + u_int reloaded = 0; + enumerator_t *enumerator; + char *name; + + if (list == NULL) + { + return reload_by_name(this, NULL); + } + enumerator = enumerator_create_token(list, " ", ""); + while (enumerator->enumerate(enumerator, &name)) + { + reloaded += reload_by_name(this, name); + } + enumerator->destroy(enumerator); + return reloaded; +} + +METHOD(plugin_loader_t, destroy, void, + private_plugin_loader_t *this) { this->plugins->destroy_offset(this->plugins, offsetof(plugin_t, destroy)); - this->names->destroy_function(this->names, free); free(this); } 
@@ -366,15 +288,18 @@ static void destroy(private_plugin_loader_t *this) */ plugin_loader_t *plugin_loader_create() { - private_plugin_loader_t *this = malloc_thing(private_plugin_loader_t); - - this->public.load = (bool(*)(plugin_loader_t*, char *path, char *prefix))load; - this->public.unload = (void(*)(plugin_loader_t*))unload; - this->public.create_plugin_enumerator = (enumerator_t*(*)(plugin_loader_t*))create_plugin_enumerator; - this->public.destroy = (void(*)(plugin_loader_t*))destroy; + private_plugin_loader_t *this; - this->plugins = linked_list_create(); - this->names = linked_list_create(); + INIT(this, + .public = { + .load = _load_plugins, + .reload = _reload, + .unload = _unload, + .create_plugin_enumerator = _create_plugin_enumerator, + .destroy = _destroy, + }, + .plugins = linked_list_create(), + ); return &this->public; } diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h index f72c91c60..e03da4543 100644 --- a/src/libstrongswan/plugins/plugin_loader.h +++ b/src/libstrongswan/plugins/plugin_loader.h @@ -44,14 +44,22 @@ struct plugin_loader_t { bool (*load)(plugin_loader_t *this, char *path, char *list); /** + * Reload the configuration of one or multiple plugins. + * + * @param space separated plugin names to reload, NULL for all + * @return number of plugins that did support reloading + */ + u_int (*reload)(plugin_loader_t *this, char *list); + + /** * Unload all loaded plugins. */ void (*unload)(plugin_loader_t *this); /** - * Create an enumerator over all loaded plugin names. + * Create an enumerator over all loaded plugins. * - * @return enumerator over char* + * @return enumerator over plugin_t* */ enumerator_t* (*create_plugin_enumerator)(plugin_loader_t *this); diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index bb2564238..97fba22fc 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in 
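Review bot: The `create_plugin_enumerator` contract in plugin_loader.h changes its elements from `char*` to `plugin_t*`, and since `enumerate()` appears to take its output pointers untyped, a caller that still reads the result as a name string compiles cleanly and then treats a plugin_t object as a `char*`. The callers are not part of this hunk, so each one should be checked to go through `plugin->get_name(plugin)`. In the new comment for `reload` the parameter name is missing; it should read `@param list space separated plugin names to reload, NULL for all`.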
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in @@ -221,13 +221,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -248,6 +242,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -266,14 +262,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c index 3546c9bf9..ae6607e5a 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c @@ -31,15 +31,14 @@ struct private_pubkey_plugin_t { pubkey_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of pubkey_plugin_t.pubkeytroy - */ -static void destroy(private_pubkey_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_pubkey_plugin_t *this) +{ + return "pubkey"; +} + METHOD(plugin_t, destroy, void, private_pubkey_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)pubkey_cert_wrap); 
@@ -51,21 +50,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *pubkey_plugin_create() { -<<<<<<< HEAD - private_pubkey_plugin_t *this = malloc_thing(private_pubkey_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= private_pubkey_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, FALSE, (builder_function_t)pubkey_cert_wrap); diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index fbdf35170..761d2c96e 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in @@ -221,13 +221,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -248,6 +242,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -266,14 +262,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ 
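Review bot: `.reload = (void*)return_false` in pubkey_plugin_create stores a function through a `void*` cast, a conversion ISO C does not define for function pointers and one that switches off the compiler's signature check on the `reload` member. The same line appears in random_plugin_create, revocation_plugin_create, sha1_plugin_create, sha2_plugin_create and soup_plugin_create. A typed stub declared with the METHOD macro already used for get_name keeps the assignment checked. The sketch below assumes `reload` returns bool, as its use in reload_by_name suggests; plugin.h is not shown here.

```c
METHOD(plugin_t, reload, bool,
	private_pubkey_plugin_t *this)
{
	/* this plugin has no configuration to reload */
	return FALSE;
}

/* … unchanged: pubkey_plugin_create() up to the INIT block … */
			.get_name = _get_name,
			.reload = _reload,
```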
diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c index f70998334..00202a5a6 100644 --- a/src/libstrongswan/plugins/random/random_plugin.c +++ b/src/libstrongswan/plugins/random/random_plugin.c @@ -18,11 +18,6 @@ #include <library.h> #include "random_rng.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "random"; - ->>>>>>> upstream/4.5.1 typedef struct private_random_plugin_t private_random_plugin_t; /** @@ -36,15 +31,14 @@ struct private_random_plugin_t { random_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of random_plugin_t.gmptroy - */ -static void destroy(private_random_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_random_plugin_t *this) +{ + return "random"; +} + METHOD(plugin_t, destroy, void, private_random_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->crypto->remove_rng(lib->crypto, (rng_constructor_t)random_rng_create); @@ -56,29 +50,21 @@ METHOD(plugin_t, destroy, void, */ plugin_t *random_plugin_create() { -<<<<<<< HEAD - private_random_plugin_t *this = malloc_thing(private_random_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_rng(lib->crypto, RNG_STRONG, - (rng_constructor_t)random_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_TRUE, -======= private_random_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); - lib->crypto->add_rng(lib->crypto, RNG_STRONG, plugin_name, + lib->crypto->add_rng(lib->crypto, RNG_STRONG, get_name(this), (rng_constructor_t)random_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_TRUE, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_rng(lib->crypto, RNG_TRUE, get_name(this), (rng_constructor_t)random_rng_create); return &this->public.plugin; 
diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c index e4247a3cc..1d99a63d5 100644 --- a/src/libstrongswan/plugins/random/random_rng.c +++ b/src/libstrongswan/plugins/random/random_rng.c @@ -55,16 +55,8 @@ struct private_random_rng_t { char *file; }; -<<<<<<< HEAD -/** - * Implementation of random_rng_t.get_bytes. - */ -static void get_bytes(private_random_rng_t *this, size_t bytes, - u_int8_t *buffer) -======= METHOD(rng_t, get_bytes, void, private_random_rng_t *this, size_t bytes, u_int8_t *buffer) ->>>>>>> upstream/4.5.1 { size_t done; ssize_t got; @@ -86,30 +78,15 @@ METHOD(rng_t, get_bytes, void, } } -<<<<<<< HEAD -/** - * Implementation of random_rng_t.allocate_bytes. - */ -static void allocate_bytes(private_random_rng_t *this, size_t bytes, - chunk_t *chunk) -======= METHOD(rng_t, allocate_bytes, void, private_random_rng_t *this, size_t bytes, chunk_t *chunk) ->>>>>>> upstream/4.5.1 { *chunk = chunk_alloc(bytes); get_bytes(this, chunk->len, chunk->ptr); } -<<<<<<< HEAD -/** - * Implementation of random_rng_t.destroy. - */ -static void destroy(private_random_rng_t *this) -======= METHOD(rng_t, destroy, void, private_random_rng_t *this) ->>>>>>> upstream/4.5.1 { close(this->dev); free(this); @@ -120,14 +97,6 @@ METHOD(rng_t, destroy, void, */ random_rng_t *random_rng_create(rng_quality_t quality) { -<<<<<<< HEAD - private_random_rng_t *this = malloc_thing(private_random_rng_t); - - /* public functions */ - this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes; - this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes; - this->public.rng.destroy = (void (*) (rng_t *))destroy; -======= private_random_rng_t *this; INIT(this, @@ -139,7 +108,6 @@ random_rng_t *random_rng_create(rng_quality_t quality) }, }, ); ->>>>>>> upstream/4.5.1 if (quality == RNG_TRUE) { 
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in index 19ec1e719..e8856b7d7 100644 --- a/src/libstrongswan/plugins/revocation/Makefile.in +++ b/src/libstrongswan/plugins/revocation/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/revocation/revocation_plugin.c b/src/libstrongswan/plugins/revocation/revocation_plugin.c index 02393b907..fa04fb2a2 100644 --- a/src/libstrongswan/plugins/revocation/revocation_plugin.c +++ b/src/libstrongswan/plugins/revocation/revocation_plugin.c @@ -36,6 +36,12 @@ struct private_revocation_plugin_t { revocation_validator_t *validator; }; +METHOD(plugin_t, get_name, char*, + private_revocation_plugin_t *this) +{ + return "revocation"; +} + METHOD(plugin_t, destroy, void, private_revocation_plugin_t *this) { 
@@ -54,6 +60,8 @@ plugin_t *revocation_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c index dc8b849c7..def169275 100644 --- a/src/libstrongswan/plugins/revocation/revocation_validator.c +++ b/src/libstrongswan/plugins/revocation/revocation_validator.c @@ -93,20 +93,13 @@ static certificate_t *fetch_ocsp(char *url, certificate_t *subject, /** * check the signature of an OCSP response */ -<<<<<<< HEAD -static bool verify_ocsp(ocsp_response_t *response) -======= static bool verify_ocsp(ocsp_response_t *response, auth_cfg_t *auth) ->>>>>>> upstream/4.5.1 { certificate_t *issuer, *subject; identification_t *responder; ocsp_response_wrapper_t *wrapper; enumerator_t *enumerator; -<<<<<<< HEAD -======= auth_cfg_t *current; ->>>>>>> upstream/4.5.1 bool verified = FALSE; wrapper = ocsp_response_wrapper_create((ocsp_response_t*)response); @@ -116,23 +109,16 @@ static bool verify_ocsp(ocsp_response_t *response, auth_cfg_t *auth) responder = subject->get_issuer(subject); enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr, KEY_ANY, responder, FALSE); -<<<<<<< HEAD - while (enumerator->enumerate(enumerator, &issuer, NULL)) -======= while (enumerator->enumerate(enumerator, &issuer, ¤t)) ->>>>>>> upstream/4.5.1 { if (lib->credmgr->issued_by(lib->credmgr, subject, issuer)) { DBG1(DBG_CFG, " ocsp response correctly signed by \"%Y\"", issuer->get_subject(issuer)); -<<<<<<< HEAD -======= if (auth) { auth->merge(auth, current, FALSE); } ->>>>>>> upstream/4.5.1 verified = TRUE; break; } 
@@ -148,12 +134,8 @@ static bool verify_ocsp(ocsp_response_t *response, auth_cfg_t *auth) * Get the better of two OCSP responses, and check for usable OCSP info */ static certificate_t *get_better_ocsp(certificate_t *cand, certificate_t *best, -<<<<<<< HEAD - x509_t *subject, x509_t *issuer, cert_validation_t *valid, bool cache) -======= x509_t *subject, x509_t *issuer, cert_validation_t *valid, auth_cfg_t *auth, bool cache) ->>>>>>> upstream/4.5.1 { ocsp_response_t *response; time_t revocation, this_update, next_update, valid_until; @@ -163,11 +145,7 @@ static certificate_t *get_better_ocsp(certificate_t *cand, certificate_t *best, response = (ocsp_response_t*)cand; /* check ocsp signature */ -<<<<<<< HEAD - if (!verify_ocsp(response)) -======= if (!verify_ocsp(response, auth)) ->>>>>>> upstream/4.5.1 { DBG1(DBG_CFG, "ocsp response verification failed"); cand->destroy(cand); @@ -248,12 +226,8 @@ static cert_validation_t check_ocsp(x509_t *subject, x509_t *issuer, while (enumerator->enumerate(enumerator, ¤t)) { current->get_ref(current); -<<<<<<< HEAD - best = get_better_ocsp(current, best, subject, issuer, &valid, FALSE); -======= best = get_better_ocsp(current, best, subject, issuer, &valid, auth, FALSE); ->>>>>>> upstream/4.5.1 if (best && valid != VALIDATION_STALE) { DBG1(DBG_CFG, " using cached ocsp response"); @@ -280,11 +254,7 @@ static cert_validation_t check_ocsp(x509_t *subject, x509_t *issuer, if (current) { best = get_better_ocsp(current, best, subject, issuer, -<<<<<<< HEAD - &valid, TRUE); -======= &valid, auth, TRUE); ->>>>>>> upstream/4.5.1 if (best && valid != VALIDATION_STALE) { break; @@ -306,11 +276,7 @@ static cert_validation_t check_ocsp(x509_t *subject, x509_t *issuer, if (current) { best = get_better_ocsp(current, best, subject, issuer, -<<<<<<< HEAD - &valid, TRUE); -======= &valid, auth, TRUE); ->>>>>>> upstream/4.5.1 if (best && valid != VALIDATION_STALE) { break; 
@@ -364,39 +330,25 @@ static certificate_t* fetch_crl(char *url) /** * check the signature of an CRL */ -<<<<<<< HEAD -static bool verify_crl(certificate_t *crl) -======= static bool verify_crl(certificate_t *crl, auth_cfg_t *auth) ->>>>>>> upstream/4.5.1 { certificate_t *issuer; enumerator_t *enumerator; bool verified = FALSE; -<<<<<<< HEAD - - enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr, - KEY_ANY, crl->get_issuer(crl), FALSE); - while (enumerator->enumerate(enumerator, &issuer, NULL)) -======= auth_cfg_t *current; enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr, KEY_ANY, crl->get_issuer(crl), FALSE); while (enumerator->enumerate(enumerator, &issuer, ¤t)) ->>>>>>> upstream/4.5.1 { if (lib->credmgr->issued_by(lib->credmgr, crl, issuer)) { DBG1(DBG_CFG, " crl correctly signed by \"%Y\"", issuer->get_subject(issuer)); -<<<<<<< HEAD -======= if (auth) { auth->merge(auth, current, FALSE); } ->>>>>>> upstream/4.5.1 verified = TRUE; break; } @@ -410,23 +362,13 @@ static bool verify_crl(certificate_t *crl, auth_cfg_t *auth) * Get the better of two CRLs, and check for usable CRL info */ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, -<<<<<<< HEAD - x509_t *subject, x509_t *issuer, cert_validation_t *valid, bool cache) -======= x509_t *subject, cert_validation_t *valid, auth_cfg_t *auth, bool cache, crl_t *base) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; time_t revocation, valid_until; crl_reason_t reason; chunk_t serial; -<<<<<<< HEAD - crl_t *crl; - - /* check CRL signature */ - if (!verify_crl(cand)) -======= crl_t *crl = (crl_t*)cand; if (base) 
@@ -449,17 +391,12 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, /* check CRL signature */ if (!verify_crl(cand, auth)) ->>>>>>> upstream/4.5.1 { DBG1(DBG_CFG, "crl response verification failed"); cand->destroy(cand); return best; } -<<<<<<< HEAD - crl = (crl_t*)cand; -======= ->>>>>>> upstream/4.5.1 enumerator = crl->create_enumerator(crl); while (enumerator->enumerate(enumerator, &serial, &revocation, &reason)) { 
@@ -504,81 +441,6 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, } /** -<<<<<<< HEAD - * validate a x509 certificate using CRL - */ -static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, - auth_cfg_t *auth) -{ - cert_validation_t valid = VALIDATION_SKIPPED; - identification_t *keyid = NULL; - certificate_t *best = NULL; - certificate_t *current; - public_key_t *public; - enumerator_t *enumerator; - chunk_t chunk; - char *uri = NULL; - - /* derive the authorityKeyIdentifier from the issuer's public key */ - current = &issuer->interface; - public = current->get_public_key(current); - if (public && public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &chunk)) - { - keyid = identification_create_from_encoding(ID_KEY_ID, chunk); - - /* find a cached crl by authorityKeyIdentifier */ - enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr, - CERT_X509_CRL, KEY_ANY, keyid, FALSE); - while (enumerator->enumerate(enumerator, ¤t)) - { - current->get_ref(current); - best = get_better_crl(current, best, subject, issuer, - &valid, FALSE); - if (best && valid != VALIDATION_STALE) - { - DBG1(DBG_CFG, " using cached crl"); - break; - } - } - enumerator->destroy(enumerator); - - /* fallback to fetching crls from credential sets cdps */ - if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) - { - enumerator = lib->credmgr->create_cdp_enumerator(lib->credmgr, - CERT_X509_CRL, keyid); - while (enumerator->enumerate(enumerator, &uri)) - { - current = fetch_crl(uri); - if (current) - { - best = get_better_crl(current, best, subject, issuer, - &valid, TRUE); - if (best && valid != VALIDATION_STALE) - { - break; - } - } - } - enumerator->destroy(enumerator); - } - keyid->destroy(keyid); - } - DESTROY_IF(public); - - /* fallback to fetching crls from cdps from subject's certificate */ - if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) - { - enumerator = subject->create_crl_uri_enumerator(subject); - - while 
(enumerator->enumerate(enumerator, &uri)) - { - current = fetch_crl(uri); - if (current) - { - best = get_better_crl(current, best, subject, issuer, - &valid, TRUE); -======= * Find or fetch a certificate for a given crlIssuer */ static cert_validation_t find_crl(x509_t *subject, identification_t *issuer, @@ -764,7 +626,6 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, } best = get_better_crl(current, best, subject, &valid, auth, TRUE, NULL); ->>>>>>> upstream/4.5.1 if (best && valid != VALIDATION_STALE) { break; @@ -774,10 +635,6 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, enumerator->destroy(enumerator); } -<<<<<<< HEAD - /* an uri was found, but no result. switch validation state to failed */ - if (valid == VALIDATION_SKIPPED && uri) -======= /* look for delta CRLs */ if (best && (valid == VALIDATION_GOOD || valid == VALIDATION_STALE)) { @@ -786,7 +643,6 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, /* an uri was found, but no result. switch validation state to failed */ if (valid == VALIDATION_SKIPPED && uri_found) ->>>>>>> upstream/4.5.1 { valid = VALIDATION_FAILED; } @@ -809,12 +665,8 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, METHOD(cert_validator_t, validate, bool, private_revocation_validator_t *this, certificate_t *subject, -<<<<<<< HEAD - certificate_t *issuer, bool online, int pathlen, auth_cfg_t *auth) -======= certificate_t *issuer, bool online, u_int pathlen, bool anchor, auth_cfg_t *auth) ->>>>>>> upstream/4.5.1 { if (subject->get_type(subject) == CERT_X509 && issuer->get_type(issuer) == CERT_X509 && 
@@ -822,12 +674,8 @@ METHOD(cert_validator_t, validate, bool, { DBG1(DBG_CFG, "checking certificate status of \"%Y\"", subject->get_subject(subject)); -<<<<<<< HEAD - switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, auth)) -======= switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, pathlen ? NULL : auth)) ->>>>>>> upstream/4.5.1 { case VALIDATION_GOOD: DBG1(DBG_CFG, "certificate status is good"); @@ -845,12 +693,8 @@ METHOD(cert_validator_t, validate, bool, DBG1(DBG_CFG, "ocsp check failed, fallback to crl"); break; } -<<<<<<< HEAD - switch (check_crl((x509_t*)subject, (x509_t*)issuer, auth)) -======= switch (check_crl((x509_t*)subject, (x509_t*)issuer, pathlen ? NULL : auth)) ->>>>>>> upstream/4.5.1 { case VALIDATION_GOOD: DBG1(DBG_CFG, "certificate status is good"); diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index 95e4e403d..b4b275648 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
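Review bot: The calls `check_ocsp(..., pathlen ? NULL : auth)` and `check_crl(..., pathlen ? NULL : auth)` in validate() hand the caller's auth_cfg_t to the revocation checks only when pathlen is zero, and nothing next to them says why. Because verify_ocsp and verify_crl merge the signer's trust information into `auth` when it is non-NULL, this condition decides whose revocation data ends up in the authentication result and deserves a comment such as `/* merge revocation trust info into auth for pathlen 0 only, not for certificates further up the chain */` (wording to be confirmed against the meaning of pathlen). The new `anchor` parameter is not used in the visible lines; the body of validate continues outside these hunks.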
@@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.c b/src/libstrongswan/plugins/sha1/sha1_plugin.c index fcb75dfa2..a9b84e790 100644 --- a/src/libstrongswan/plugins/sha1/sha1_plugin.c +++ b/src/libstrongswan/plugins/sha1/sha1_plugin.c @@ -19,11 +19,6 @@ #include "sha1_hasher.h" #include "sha1_prf.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "sha1"; - ->>>>>>> upstream/4.5.1 typedef struct private_sha1_plugin_t private_sha1_plugin_t; /** @@ -37,15 +32,14 @@ struct private_sha1_plugin_t { sha1_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of sha1_plugin_t.destroy - */ -static void destroy(private_sha1_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_sha1_plugin_t *this) +{ + return "sha1"; +} + METHOD(plugin_t, destroy, void, private_sha1_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)sha1_hasher_create); 
@@ -59,29 +53,21 @@ METHOD(plugin_t, destroy, void, */ plugin_t *sha1_plugin_create() { -<<<<<<< HEAD - private_sha1_plugin_t *this = malloc_thing(private_sha1_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, - (hasher_constructor_t)sha1_hasher_create); - lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, -======= private_sha1_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this), (hasher_constructor_t)sha1_hasher_create); - lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, get_name(this), (prf_constructor_t)sha1_prf_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index 0dc56ac37..bdc235555 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.c b/src/libstrongswan/plugins/sha2/sha2_plugin.c index b47f07b8d..4ec03a268 100644 --- a/src/libstrongswan/plugins/sha2/sha2_plugin.c +++ b/src/libstrongswan/plugins/sha2/sha2_plugin.c @@ -18,11 +18,6 @@ #include <library.h> #include "sha2_hasher.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "sha2"; - ->>>>>>> upstream/4.5.1 typedef struct private_sha2_plugin_t private_sha2_plugin_t; /** @@ -36,15 +31,14 @@ struct private_sha2_plugin_t { sha2_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of sha2_plugin_t.destroy - */ -static void destroy(private_sha2_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_sha2_plugin_t *this) +{ + return "sha2"; +} + METHOD(plugin_t, destroy, void, private_sha2_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)sha2_hasher_create); 
@@ -56,37 +50,25 @@ METHOD(plugin_t, destroy, void, */ plugin_t *sha2_plugin_create() { -<<<<<<< HEAD - private_sha2_plugin_t *this = malloc_thing(private_sha2_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_hasher(lib->crypto, HASH_SHA224, - (hasher_constructor_t)sha2_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, - (hasher_constructor_t)sha2_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, - (hasher_constructor_t)sha2_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, -======= private_sha2_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); - lib->crypto->add_hasher(lib->crypto, HASH_SHA224, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA224, get_name(this), (hasher_constructor_t)sha2_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this), (hasher_constructor_t)sha2_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this), (hasher_constructor_t)sha2_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this), (hasher_constructor_t)sha2_hasher_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in index 35d175f95..ec370d38c 100644 --- a/src/libstrongswan/plugins/soup/Makefile.in +++ b/src/libstrongswan/plugins/soup/Makefile.in @@ -241,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -264,6 +266,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/soup/soup_fetcher.c b/src/libstrongswan/plugins/soup/soup_fetcher.c index fd97631bd..3e5786b12 100644 --- a/src/libstrongswan/plugins/soup/soup_fetcher.c +++ b/src/libstrongswan/plugins/soup/soup_fetcher.c 
@@ -58,44 +58,77 @@ struct private_soup_fetcher_t { * HTTP request version */ SoupHTTPVersion version; + + /** + * Fetcher callback function + */ + fetcher_callback_t cb; }; +/** + * Data to pass to soup callback + */ +typedef struct { + fetcher_callback_t cb; + void *user; + SoupSession *session; +} cb_data_t; + +/** + * Soup callback invoking our callback + */ +static void soup_cb(SoupMessage *message, SoupBuffer *chunk, cb_data_t *data) +{ + if (!data->cb(data->user, chunk_create((u_char*)chunk->data, chunk->length))) + { + soup_session_cancel_message(data->session, message, + SOUP_STATUS_CANCELLED); + } +} + METHOD(fetcher_t, fetch, status_t, - private_soup_fetcher_t *this, char *uri, chunk_t *result) + private_soup_fetcher_t *this, char *uri, void *userdata) { - SoupSession *session; SoupMessage *message; status_t status = FAILED; + cb_data_t data = { + .cb = this->cb, + .user = userdata, + }; message = soup_message_new(this->method, uri); if (!message) { return NOT_SUPPORTED; } + if (this->cb == fetcher_default_callback) + { + *(chunk_t*)userdata = chunk_empty; + } if (this->type) { soup_message_set_request(message, this->type, SOUP_MEMORY_STATIC, this->data.ptr, this->data.len); } soup_message_set_http_version(message, this->version); - session = soup_session_sync_new(); - g_object_set(G_OBJECT(session), + soup_message_body_set_accumulate(message->response_body, FALSE); + g_signal_connect(message, "got-chunk", G_CALLBACK(soup_cb), &data); + data.session = soup_session_sync_new(); + g_object_set(G_OBJECT(data.session), SOUP_SESSION_TIMEOUT, (guint)this->timeout, NULL); DBG2(DBG_LIB, "sending http request to '%s'...", uri); - soup_session_send_message(session, message); + soup_session_send_message(data.session, message); if (SOUP_STATUS_IS_SUCCESSFUL(message->status_code)) { - *result = chunk_clone(chunk_create((u_char*)message->response_body->data, - message->response_body->length)); status = SUCCESS; } else { - DBG1(DBG_LIB, "HTTP request failed, code %d", 
message->status_code); + DBG1(DBG_LIB, "HTTP request failed: %s", message->reason_phrase); } g_object_unref(G_OBJECT(message)); - g_object_unref(G_OBJECT(session)); + g_object_unref(G_OBJECT(data.session)); return status; } @@ -121,6 +154,9 @@ METHOD(fetcher_t, set_option, bool, case FETCH_TIMEOUT: this->timeout = va_arg(args, u_int); break; + case FETCH_CALLBACK: + this->cb = va_arg(args, fetcher_callback_t); + break; default: supported = FALSE; break; @@ -153,6 +189,7 @@ soup_fetcher_t *soup_fetcher_create() .method = SOUP_METHOD_GET, .version = SOUP_HTTP_1_1, .timeout = DEFAULT_TIMEOUT, + .cb = fetcher_default_callback, ); return &this->public; diff --git a/src/libstrongswan/plugins/soup/soup_plugin.c b/src/libstrongswan/plugins/soup/soup_plugin.c index 970e32472..22c8762e0 100644 --- a/src/libstrongswan/plugins/soup/soup_plugin.c +++ b/src/libstrongswan/plugins/soup/soup_plugin.c @@ -34,6 +34,12 @@ struct private_soup_plugin_t { soup_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_soup_plugin_t *this) +{ + return "soup"; +} + METHOD(plugin_t, destroy, void, private_soup_plugin_t *this) { @@ -58,6 +64,8 @@ plugin_t *soup_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index bf952acc5..e2ec799a9 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -222,13 +222,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
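Review bot: In `fetch`, `*(chunk_t*)userdata = chunk_empty;` sits after the `soup_message_new()` check, so the `NOT_SUPPORTED` return leaves the caller's chunk untouched, and `soup_cb` is connected to `got-chunk` without looking at `message->status_code`, so the body of an error response reaches the callback too. The removed code produced a result only for a successful status, whereas a `FAILED` return can now leave data in `userdata`; what `fetcher_default_callback` does with that data is outside this hunk, so whether callers release or discard it on failure should be confirmed. I would move the initialisation above `soup_message_new()` and open `soup_cb` with `if (!SOUP_STATUS_IS_SUCCESSFUL(message->status_code)) { return; }`, assuming the status is already set when `got-chunk` fires. If fetch URIs can come from untrusted input such as a certificate's CRL distribution points, it is also worth confirming that the callback bounds the total size it accepts, since `fetch` itself applies only a timeout.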
@@ -249,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,14 +263,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.c b/src/libstrongswan/plugins/sqlite/sqlite_database.c index e1c51f098..f9e06199e 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_database.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_database.c @@ -213,15 +213,8 @@ static bool sqlite_enumerator_enumerate(sqlite_enumerator_t *this, ...) return TRUE; } -<<<<<<< HEAD -/** - * Implementation of database_t.query. - */ -static enumerator_t* query(private_sqlite_database_t *this, char *sql, ...) -======= METHOD(database_t, query, enumerator_t*, private_sqlite_database_t *this, char *sql, ...) ->>>>>>> upstream/4.5.1 { sqlite3_stmt *stmt; va_list args; @@ -253,15 +246,8 @@ METHOD(database_t, query, enumerator_t*, return (enumerator_t*)enumerator; } -<<<<<<< HEAD -/** - * Implementation of database_t.execute. - */ -static int execute(private_sqlite_database_t *this, int *rowid, char *sql, ...) -======= METHOD(database_t, execute, int, private_sqlite_database_t *this, int *rowid, char *sql, ...) ->>>>>>> upstream/4.5.1 { sqlite3_stmt *stmt; int affected = -1; 
@@ -293,15 +279,8 @@ METHOD(database_t, execute, int, return affected; } -<<<<<<< HEAD -/** - * Implementation of database_t.get_driver - */ -static db_driver_t get_driver(private_sqlite_database_t *this) -======= METHOD(database_t, get_driver, db_driver_t, private_sqlite_database_t *this) ->>>>>>> upstream/4.5.1 { return DB_SQLITE; } @@ -317,15 +296,8 @@ static int busy_handler(private_sqlite_database_t *this, int count) return 1; } -<<<<<<< HEAD -/** - * Implementation of database_t.destroy - */ -static void destroy(private_sqlite_database_t *this) -======= METHOD(database_t, destroy, void, private_sqlite_database_t *this) ->>>>>>> upstream/4.5.1 { sqlite3_close(this->db); this->mutex->destroy(this->mutex); @@ -349,16 +321,6 @@ sqlite_database_t *sqlite_database_create(char *uri) } file = uri + 9; -<<<<<<< HEAD - this = malloc_thing(private_sqlite_database_t); - - this->public.db.query = (enumerator_t* (*)(database_t *this, char *sql, ...))query; - this->public.db.execute = (int (*)(database_t *this, int *rowid, char *sql, ...))execute; - this->public.db.get_driver = (db_driver_t(*)(database_t*))get_driver; - this->public.db.destroy = (void(*)(database_t*))destroy; - - this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); -======= INIT(this, .public = { .db = { @@ -370,17 +332,12 @@ sqlite_database_t *sqlite_database_create(char *uri) }, .mutex = mutex_create(MUTEX_TYPE_RECURSIVE), ); ->>>>>>> upstream/4.5.1 if (sqlite3_open(file, &this->db) != SQLITE_OK) { DBG1(DBG_LIB, "opening SQLite database '%s' failed: %s", file, sqlite3_errmsg(this->db)); -<<<<<<< HEAD - destroy(this); -======= _destroy(this); ->>>>>>> upstream/4.5.1 return NULL; } diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c index e0bdf0634..d8c6a560c 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c 
@@ -31,15 +31,14 @@ struct private_sqlite_plugin_t { sqlite_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_sqlite_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_sqlite_plugin_t *this) +{ + return "sqlite"; +} + METHOD(plugin_t, destroy, void, private_sqlite_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->db->remove_database(lib->db, (database_constructor_t)sqlite_database_create); @@ -51,21 +50,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *sqlite_plugin_create() { -<<<<<<< HEAD - private_sqlite_plugin_t *this = malloc_thing(private_sqlite_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= private_sqlite_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 lib->db->add_database(lib->db, (database_constructor_t)sqlite_database_create); diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index 651fb8a9f..70cdfd600 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in @@ -227,13 +227,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -254,6 +248,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -272,14 +268,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/des.c b/src/libstrongswan/plugins/test_vectors/test_vectors/des.c index 80b5f1010..b4bf1fe6a 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/des.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/des.c @@ -25,7 +25,6 @@ crypter_test_vector_t des_ecb1 = { .alg = ENCR_DES_ECB, .key_size = 8, .len = 8, .key = "\x00\x01\x02\x03\x04\x05\x06\x07", - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", .plain = "\x41\xAD\x06\x85\x48\x80\x9D\x02", .cipher = "\x00\x11\x22\x33\x44\x55\x66\x77" }; @@ -36,7 +35,6 @@ crypter_test_vector_t des_ecb1 = { crypter_test_vector_t des_ecb2 = { .alg = ENCR_DES_ECB, .key_size = 8, .len = 8, .key = "\x2B\xD6\x45\x9F\x82\xC5\xB3\x00", - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", .plain = "\xB1\x0F\x84\x30\x97\xA0\xF9\x32", .cipher = "\xEA\x02\x47\x14\xAD\x5C\x4D\x84" }; diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c index c021ef67b..4a8743289 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c 
@@ -104,15 +104,14 @@ struct private_test_vectors_plugin_t { test_vectors_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of test_vectors_plugin_t.test_vectorstroy - */ -static void destroy(private_test_vectors_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_test_vectors_plugin_t *this) +{ + return "test-vectors"; +} + METHOD(plugin_t, destroy, void, private_test_vectors_plugin_t *this) ->>>>>>> upstream/4.5.1 { free(this); } @@ -122,23 +121,18 @@ METHOD(plugin_t, destroy, void, */ plugin_t *test_vectors_plugin_create() { -<<<<<<< HEAD - private_test_vectors_plugin_t *this = malloc_thing(private_test_vectors_plugin_t); - int i; - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= private_test_vectors_plugin_t *this; int i; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 for (i = 0; i < countof(crypter); i++) { diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index 785d6441c..58cdf2c7c 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -221,13 +221,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -248,6 +242,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -266,14 +262,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 0eabc8010..8b228a2b6 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -117,11 +117,7 @@ struct private_x509_cert_t { linked_list_t *subjectAltNames; /** -<<<<<<< HEAD - * List of crlDistributionPoints as allocated char* -======= * List of crlDistributionPoints as x509_cdp_t* ->>>>>>> upstream/4.5.1 */ linked_list_t *crl_uris; @@ -136,8 +132,6 @@ struct private_x509_cert_t { linked_list_t *ipAddrBlocks; /** -<<<<<<< HEAD -======= * List of permitted name constraints */ linked_list_t *permitted_names; @@ -158,7 +152,6 @@ struct private_x509_cert_t { linked_list_t *policy_mappings; /** ->>>>>>> upstream/4.5.1 * certificate's embedded public key */ public_key_t *public_key; @@ -181,9 +174,6 @@ struct private_x509_cert_t { /** * Path Length Constraint */ -<<<<<<< HEAD - int pathLenConstraint; -======= u_char pathLenConstraint; /** @@ -200,7 +190,6 @@ struct private_x509_cert_t { * inhibitAnyPolicy Constraint */ u_char inhibit_any; ->>>>>>> upstream/4.5.1 /** * x509 constraints and other flags @@ -233,8 +222,6 @@ static const chunk_t ASN1_subjectAltName_oid = chunk_from_chars( ); /** -<<<<<<< HEAD -======= * Destroy a CertificateDistributionPoint */ static void crl_uri_destroy(x509_cdp_t *this) 
@@ -282,7 +269,6 @@ static u_int parse_constraint(chunk_t object) } /** ->>>>>>> upstream/4.5.1 * ASN.1 definition of a basicConstraints extension */ static const asn1Object_t basicConstraintsObjects[] = { @@ -324,19 +310,7 @@ static void parse_basicConstraints(chunk_t blob, int level0, case BASIC_CONSTRAINTS_PATH_LEN: if (isCA) { -<<<<<<< HEAD - if (object.len == 0) - { - this->pathLenConstraint = 0; - } - else if (object.len == 1) - { - this->pathLenConstraint = *object.ptr; - } - /* we ignore path length constraints > 127 */ -======= this->pathLenConstraint = parse_constraint(object); ->>>>>>> upstream/4.5.1 } break; default: @@ -674,11 +648,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, } break; default: -<<<<<<< HEAD - /* unkown accessMethod, ignoring */ -======= /* unknown accessMethod, ignoring */ ->>>>>>> upstream/4.5.1 break; } break; @@ -693,8 +663,6 @@ end: } /** -<<<<<<< HEAD -======= * Extract KeyUsage flags */ static void parse_keyUsage(chunk_t blob, private_x509_cert_t *this) @@ -749,7 +717,6 @@ static void parse_keyUsage(chunk_t blob, private_x509_cert_t *this) } /** ->>>>>>> upstream/4.5.1 * ASN.1 definition of a extendedKeyUsage extension */ static const asn1Object_t extendedKeyUsageObjects[] = { @@ -761,11 +728,7 @@ static const asn1Object_t extendedKeyUsageObjects[] = { #define EXT_KEY_USAGE_PURPOSE_ID 1 /** -<<<<<<< HEAD - * Extracts extendedKeyUsage OIDs - currently only OCSP_SIGING is returned -======= * Extracts extendedKeyUsage OIDs ->>>>>>> upstream/4.5.1 */ static void parse_extendedKeyUsage(chunk_t blob, int level0, private_x509_cert_t *this) 
@@ -814,18 +777,11 @@ static const asn1Object_t crlDistributionPointsObjects[] = { { 2, "end opt", ASN1_EOC, ASN1_END }, /* 7 */ { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 8 */ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */ -<<<<<<< HEAD - { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_BODY }, /* 10 */ -======= { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_OBJ }, /* 10 */ ->>>>>>> upstream/4.5.1 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; -<<<<<<< HEAD -#define CRL_DIST_POINTS_FULLNAME 3 -======= #define CRL_DIST_POINTS 1 #define CRL_DIST_POINTS_FULLNAME 3 #define CRL_DIST_POINTS_ISSUER 10 @@ -874,21 +830,10 @@ static void add_cdps(linked_list_t *list, linked_list_t *uris, id->destroy(id); } } ->>>>>>> upstream/4.5.1 /** * Extracts one or several crlDistributionPoints into a list */ -<<<<<<< HEAD -static void parse_crlDistributionPoints(chunk_t blob, int level0, - private_x509_cert_t *this) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - linked_list_t *list = linked_list_create(); - -======= void x509_parse_crlDistributionPoints(chunk_t blob, int level0, linked_list_t *list) { 
@@ -899,36 +844,11 @@ void x509_parse_crlDistributionPoints(chunk_t blob, int level0, uris = linked_list_create(); issuers = linked_list_create(); ->>>>>>> upstream/4.5.1 parser = asn1_parser_create(crlDistributionPointsObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) { -<<<<<<< HEAD - if (objectID == CRL_DIST_POINTS_FULLNAME) - { - identification_t *id; - - /* append extracted generalNames to existing chained list */ - x509_parse_generalNames(object, parser->get_level(parser)+1, - TRUE, list); - - while (list->remove_last(list, (void**)&id) == SUCCESS) - { - char *uri; - - if (asprintf(&uri, "%Y", id) > 0) - { - this->crl_uris->insert_last(this->crl_uris, uri); - } - id->destroy(id); - } - } - } - parser->destroy(parser); - list->destroy(list); -======= switch (objectID) { case CRL_DIST_POINTS: @@ -1017,15 +937,15 @@ static const asn1Object_t certificatePoliciesObject[] = { { 0, "certificatePolicies", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ { 1, "policyInformation", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ { 2, "policyId", ASN1_OID, ASN1_BODY }, /* 2 */ - { 2, "qualifier", ASN1_SEQUENCE, ASN1_OPT|ASN1_BODY }, /* 3 */ + { 2, "qualifiers", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 3 */ { 3, "qualifierInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 4 */ { 4, "qualifierId", ASN1_OID, ASN1_BODY }, /* 5 */ { 4, "cPSuri", ASN1_IA5STRING, ASN1_OPT|ASN1_BODY }, /* 6 */ { 4, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ - { 4, "userNotice", ASN1_SEQUENCE, ASN1_OPT|ASN1_NONE }, /* 8 */ + { 4, "userNotice", ASN1_SEQUENCE, ASN1_OPT|ASN1_BODY }, /* 8 */ { 5, "explicitText", ASN1_EOC, ASN1_RAW }, /* 9 */ { 4, "end choice", ASN1_EOC, ASN1_END }, /* 10 */ - { 2, "end opt", ASN1_EOC, ASN1_END }, /* 12 */ + { 2, "end opt/loop", ASN1_EOC, ASN1_END }, /* 12 */ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 13 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; 
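Review bot: The index comments in `certificatePoliciesObject` jump from `/* 10 */` to `/* 12 */`, so the touched `"end opt/loop"` row is labelled 12 although it is element 11, and `"end loop"` is labelled 13 although it is element 12. The parser dispatches on these positions through `#define`d object IDs, which for this table are outside the hunk, so a wrong comment can lead to a wrong ID when the table is next edited. I would renumber the two rows to `/* 11 */` and `/* 12 */` and add `/* 13 */` to the `"exit"` row if the file numbers that row elsewhere. It is also worth checking that any macro for this table pointing past index 10 uses the real position.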
@@ -1179,7 +1099,6 @@ static void parse_policyConstraints(chunk_t blob, int level0, } } parser->destroy(parser); ->>>>>>> upstream/4.5.1 } /** @@ -1198,7 +1117,7 @@ static const asn1Object_t ipAddrBlocksObjects[] = { { 4, "min", ASN1_BIT_STRING, ASN1_BODY }, /* 9 */ { 4, "max", ASN1_BIT_STRING, ASN1_BODY }, /* 10 */ { 3, "end choice", ASN1_EOC, ASN1_END }, /* 11 */ - { 2, "end choice/loop", ASN1_EOC, ASN1_END }, /* 12 */ + { 2, "end opt/loop", ASN1_EOC, ASN1_END }, /* 12 */ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 13 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; @@ -1374,14 +1293,6 @@ static const asn1Object_t certObjects[] = { #define X509_OBJ_SIGNATURE 25 /** -<<<<<<< HEAD - * forward declaration - */ -static bool issued_by(private_x509_cert_t *this, certificate_t *issuer); - -/** -======= ->>>>>>> upstream/4.5.1 * Parses an X.509v3 certificate */ static bool parse_certificate(private_x509_cert_t *this) @@ -1481,12 +1392,8 @@ static bool parse_certificate(private_x509_cert_t *this) parse_basicConstraints(object, level, this); break; case OID_CRL_DISTRIBUTION_POINTS: -<<<<<<< HEAD - parse_crlDistributionPoints(object, level, this); -======= x509_parse_crlDistributionPoints(object, level, this->crl_uris); ->>>>>>> upstream/4.5.1 break; case OID_AUTHORITY_KEY_ID: this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, @@ -1496,11 +1403,7 @@ static bool parse_certificate(private_x509_cert_t *this) parse_authorityInfoAccess(object, level, this); break; case OID_KEY_USAGE: -<<<<<<< HEAD - /* TODO parse the flags */ -======= parse_keyUsage(object, this); ->>>>>>> upstream/4.5.1 break; case OID_EXTENDED_KEY_USAGE: parse_extendedKeyUsage(object, level, this); @@ -1508,8 +1411,6 @@ static bool parse_certificate(private_x509_cert_t *this) case OID_IP_ADDR_BLOCKS: parse_ipAddrBlocks(object, level, this); break; -<<<<<<< HEAD -======= case OID_NAME_CONSTRAINTS: parse_nameConstraints(object, level, this); break; 
@@ -1530,7 +1431,6 @@ static bool parse_certificate(private_x509_cert_t *this) } this->inhibit_any = parse_constraint(object); break; ->>>>>>> upstream/4.5.1 case OID_NS_REVOCATION_URL: case OID_NS_CA_REVOCATION_URL: case OID_NS_CA_POLICY_URL: @@ -1543,15 +1443,9 @@ static bool parse_certificate(private_x509_cert_t *this) break; default: if (critical && lib->settings->get_bool(lib->settings, -<<<<<<< HEAD - "libstrongswan.plugins.x509.enforce_critical", FALSE)) - { - DBG1(DBG_LIB, "critical %s extension not supported", -======= "libstrongswan.x509.enforce_critical", TRUE)) { DBG1(DBG_LIB, "critical '%s' extension not supported", ->>>>>>> upstream/4.5.1 (extn_oid == OID_UNKNOWN) ? "unknown" : (char*)oid_names[extn_oid].name); goto end; @@ -1584,13 +1478,9 @@ end: hasher_t *hasher; /* check if the certificate is self-signed */ -<<<<<<< HEAD - if (issued_by(this, &this->public.interface.interface)) -======= if (this->public.interface.interface.issued_by( &this->public.interface.interface, &this->public.interface.interface)) ->>>>>>> upstream/4.5.1 { this->flags |= X509_SELF_SIGNED; } 
@@ -1607,54 +1497,26 @@ end: return success; } -<<<<<<< HEAD -/** - * Implementation of certificate_t.get_type - */ -static certificate_type_t get_type(private_x509_cert_t *this) -======= METHOD(certificate_t, get_type, certificate_type_t, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return CERT_X509; } -<<<<<<< HEAD -/** - * Implementation of certificate_t.get_subject - */ -static identification_t* get_subject(private_x509_cert_t *this) -======= METHOD(certificate_t, get_subject, identification_t*, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return this->subject; } -<<<<<<< HEAD -/** - * Implementation of certificate_t.get_issuer - */ -static identification_t* get_issuer(private_x509_cert_t *this) -======= METHOD(certificate_t, get_issuer, identification_t*, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return this->issuer; } -<<<<<<< HEAD -/** - * Implementation of certificate_t.has_subject. - */ -static id_match_t has_subject(private_x509_cert_t *this, identification_t *subject) -======= METHOD(certificate_t, has_subject, id_match_t, private_x509_cert_t *this, identification_t *subject) ->>>>>>> upstream/4.5.1 { identification_t *current; enumerator_t *enumerator; @@ -1695,29 +1557,15 @@ METHOD(certificate_t, has_subject, id_match_t, return best; } -<<<<<<< HEAD -/** - * Implementation of certificate_t.has_issuer. - */ -static id_match_t has_issuer(private_x509_cert_t *this, identification_t *issuer) -======= METHOD(certificate_t, has_issuer, id_match_t, private_x509_cert_t *this, identification_t *issuer) ->>>>>>> upstream/4.5.1 { /* issuerAltNames currently not supported */ return this->issuer->matches(this->issuer, issuer); } -<<<<<<< HEAD -/** - * Implementation of certificate_t.issued_by. - */ -static bool issued_by(private_x509_cert_t *this, certificate_t *issuer) -======= METHOD(certificate_t, issued_by, bool, private_x509_cert_t *this, certificate_t *issuer) ->>>>>>> upstream/4.5.1 { public_key_t *key; signature_scheme_t scheme; 
@@ -1764,44 +1612,13 @@ METHOD(certificate_t, issued_by, bool, return valid; } -<<<<<<< HEAD -/** - * Implementation of certificate_t.get_public_key - */ -static public_key_t* get_public_key(private_x509_cert_t *this) -======= METHOD(certificate_t, get_public_key, public_key_t*, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { this->public_key->get_ref(this->public_key); return this->public_key; } -<<<<<<< HEAD -/** - * Implementation of certificate_t.get_ref - */ -static private_x509_cert_t* get_ref(private_x509_cert_t *this) -{ - ref_get(&this->ref); - return this; -} - -/** - * Implementation of x509_cert_t.get_flags. - */ -static x509_flag_t get_flags(private_x509_cert_t *this) -{ - return this->flags; -} - -/** - * Implementation of x509_cert_t.get_validity. - */ -static bool get_validity(private_x509_cert_t *this, time_t *when, - time_t *not_before, time_t *not_after) -======= METHOD(certificate_t, get_ref, certificate_t*, private_x509_cert_t *this) { @@ -1812,7 +1629,6 @@ METHOD(certificate_t, get_ref, certificate_t*, METHOD(certificate_t, get_validity, bool, private_x509_cert_t *this, time_t *when, time_t *not_before, time_t *not_after) ->>>>>>> upstream/4.5.1 { time_t t = when ? *when : time(NULL); @@ -1827,16 +1643,8 @@ METHOD(certificate_t, get_validity, bool, return (t >= this->notBefore && t <= this->notAfter); } -<<<<<<< HEAD -/** - * Implementation of certificate_t.get_encoding. - */ -static bool get_encoding(private_x509_cert_t *this, cred_encoding_type_t type, - chunk_t *encoding) -======= METHOD(certificate_t, get_encoding, bool, private_x509_cert_t *this, cred_encoding_type_t type, chunk_t *encoding) ->>>>>>> upstream/4.5.1 { if (type == CERT_ASN1_DER) { 
@@ -1847,15 +1655,8 @@ METHOD(certificate_t, get_encoding, bool, CRED_PART_X509_ASN1_DER, this->encoding, CRED_PART_END); } -<<<<<<< HEAD -/** - * Implementation of certificate_t.equals. - */ -static bool equals(private_x509_cert_t *this, certificate_t *other) -======= METHOD(certificate_t, equals, bool, private_x509_cert_t *this, certificate_t *other) ->>>>>>> upstream/4.5.1 { chunk_t encoding; bool equal; @@ -1881,12 +1682,6 @@ METHOD(certificate_t, equals, bool, return equal; } -<<<<<<< HEAD -/** - * Implementation of x509_t.get_serial. - */ -static chunk_t get_serial(private_x509_cert_t *this) -======= METHOD(x509_t, get_flags, x509_flag_t, private_x509_cert_t *this) { @@ -1895,20 +1690,12 @@ METHOD(x509_t, get_flags, x509_flag_t, METHOD(x509_t, get_serial, chunk_t, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return this->serialNumber; } -<<<<<<< HEAD -/** - * Implementation of x509_t.get_subjectKeyIdentifier. - */ -static chunk_t get_subjectKeyIdentifier(private_x509_cert_t *this) -======= METHOD(x509_t, get_subjectKeyIdentifier, chunk_t, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { if (this->subjectKeyIdentifier.ptr) { @@ -1930,33 +1717,12 @@ METHOD(x509_t, get_subjectKeyIdentifier, chunk_t, } } -<<<<<<< HEAD -/** - * Implementation of x509_t.get_authKeyIdentifier. - */ -static chunk_t get_authKeyIdentifier(private_x509_cert_t *this) -======= METHOD(x509_t, get_authKeyIdentifier, chunk_t, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return this->authKeyIdentifier; } -<<<<<<< HEAD -/** - * Implementation of x509_t.get_pathLenConstraint. - */ -static int get_pathLenConstraint(private_x509_cert_t *this) -{ - return this->pathLenConstraint; -} - -/** - * Implementation of x509_cert_t.create_subjectAltName_enumerator. - */ -static enumerator_t* create_subjectAltName_enumerator(private_x509_cert_t *this) -======= METHOD(x509_t, get_constraint, u_int, private_x509_cert_t *this, x509_constraint_t type) { 
@@ -1977,56 +1743,28 @@ METHOD(x509_t, get_constraint, u_int, METHOD(x509_t, create_subjectAltName_enumerator, enumerator_t*, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return this->subjectAltNames->create_enumerator(this->subjectAltNames); } -<<<<<<< HEAD -/** - * Implementation of x509_cert_t.create_ocsp_uri_enumerator. - */ -static enumerator_t* create_ocsp_uri_enumerator(private_x509_cert_t *this) -======= METHOD(x509_t, create_ocsp_uri_enumerator, enumerator_t*, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return this->ocsp_uris->create_enumerator(this->ocsp_uris); } -<<<<<<< HEAD -/** - * Implementation of x509_cert_t.create_crl_uri_enumerator. - */ -static enumerator_t* create_crl_uri_enumerator(private_x509_cert_t *this) -======= METHOD(x509_t, create_crl_uri_enumerator, enumerator_t*, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return this->crl_uris->create_enumerator(this->crl_uris); } -<<<<<<< HEAD -/** - * Implementation of x509_cert_t.create_ipAddrBlock_enumerator. - */ -static enumerator_t* create_ipAddrBlock_enumerator(private_x509_cert_t *this) -======= METHOD(x509_t, create_ipAddrBlock_enumerator, enumerator_t*, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return this->ipAddrBlocks->create_enumerator(this->ipAddrBlocks); } -<<<<<<< HEAD -/** - * Implementation of certificate_t.destroy. - */ -static void destroy(private_x509_cert_t *this) -======= METHOD(x509_t, create_name_constraint_enumerator, enumerator_t*, private_x509_cert_t *this, bool perm) { 
@@ -2051,17 +1789,11 @@ METHOD(x509_t, create_policy_mapping_enumerator, enumerator_t*, METHOD(certificate_t, destroy, void, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { if (ref_put(&this->ref)) { this->subjectAltNames->destroy_offset(this->subjectAltNames, offsetof(identification_t, destroy)); -<<<<<<< HEAD - this->crl_uris->destroy_function(this->crl_uris, free); - this->ocsp_uris->destroy_function(this->ocsp_uris, free); - this->ipAddrBlocks->destroy_offset(this->ipAddrBlocks, offsetof(traffic_selector_t, destroy)); -======= this->crl_uris->destroy_function(this->crl_uris, (void*)crl_uri_destroy); this->ocsp_uris->destroy_function(this->ocsp_uris, free); this->ipAddrBlocks->destroy_offset(this->ipAddrBlocks, @@ -2074,7 +1806,6 @@ METHOD(certificate_t, destroy, void, (void*)cert_policy_destroy); this->policy_mappings->destroy_function(this->policy_mappings, (void*)policy_mapping_destroy); ->>>>>>> upstream/4.5.1 DESTROY_IF(this->issuer); DESTROY_IF(this->subject); DESTROY_IF(this->public_key); 
@@ -2096,56 +1827,6 @@ METHOD(certificate_t, destroy, void, */ static private_x509_cert_t* create_empty(void) { -<<<<<<< HEAD - private_x509_cert_t *this = malloc_thing(private_x509_cert_t); - - this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type; - this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject; - this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_issuer; - this->public.interface.interface.has_subject = (id_match_t (*) (certificate_t*, identification_t*))has_subject; - this->public.interface.interface.has_issuer = (id_match_t (*) (certificate_t*, identification_t*))has_issuer; - this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by; - this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key; - this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity; - this->public.interface.interface.get_encoding = (bool (*) (certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding; - this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals; - this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref; - this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy; - this->public.interface.get_flags = (x509_flag_t (*)(x509_t*))get_flags; - this->public.interface.get_serial = (chunk_t (*)(x509_t*))get_serial; - this->public.interface.get_subjectKeyIdentifier = (chunk_t (*)(x509_t*))get_subjectKeyIdentifier; - this->public.interface.get_authKeyIdentifier = (chunk_t (*)(x509_t*))get_authKeyIdentifier; - this->public.interface.get_pathLenConstraint = (int (*)(x509_t*))get_pathLenConstraint; - this->public.interface.create_subjectAltName_enumerator = (enumerator_t* (*)(x509_t*))create_subjectAltName_enumerator; - 
this->public.interface.create_crl_uri_enumerator = (enumerator_t* (*)(x509_t*))create_crl_uri_enumerator; - this->public.interface.create_ocsp_uri_enumerator = (enumerator_t* (*)(x509_t*))create_ocsp_uri_enumerator; - this->public.interface.create_ipAddrBlock_enumerator = (enumerator_t* (*)(x509_t*))create_ipAddrBlock_enumerator; - - this->encoding = chunk_empty; - this->encoding_hash = chunk_empty; - this->tbsCertificate = chunk_empty; - this->version = 1; - this->serialNumber = chunk_empty; - this->notBefore = 0; - this->notAfter = 0; - this->public_key = NULL; - this->subject = NULL; - this->issuer = NULL; - this->subjectAltNames = linked_list_create(); - this->crl_uris = linked_list_create(); - this->ocsp_uris = linked_list_create(); - this->ipAddrBlocks = linked_list_create(); - this->subjectKeyIdentifier = chunk_empty; - this->authKeyIdentifier = chunk_empty; - this->authKeySerialNumber = chunk_empty; - this->pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT; - this->algorithm = 0; - this->signature = chunk_empty; - this->flags = 0; - this->ref = 1; - this->parsed = FALSE; - -======= private_x509_cert_t *this; INIT(this, @@ -2194,13 +1875,10 @@ static private_x509_cert_t* create_empty(void) .inhibit_any = X509_NO_CONSTRAINT, .ref = 1, ); ->>>>>>> upstream/4.5.1 return this; } /** -<<<<<<< HEAD -======= * Build a generalName from an id */ chunk_t build_generalName(identification_t *id) @@ -2231,16 +1909,11 @@ chunk_t build_generalName(identification_t *id) } /** ->>>>>>> upstream/4.5.1 * Encode a linked list of subjectAltNames */ chunk_t x509_build_subjectAltNames(linked_list_t *list) { -<<<<<<< HEAD - chunk_t subjectAltNames = chunk_empty; -======= chunk_t subjectAltNames = chunk_empty, name; ->>>>>>> upstream/4.5.1 enumerator_t *enumerator; identification_t *id; 
@@ -2252,33 +1925,7 @@ chunk_t x509_build_subjectAltNames(linked_list_t *list) enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &id)) { -<<<<<<< HEAD - int context; - chunk_t name; - - switch (id->get_type(id)) - { - case ID_RFC822_ADDR: - context = ASN1_CONTEXT_S_1; - break; - case ID_FQDN: - context = ASN1_CONTEXT_S_2; - break; - case ID_IPV4_ADDR: - case ID_IPV6_ADDR: - context = ASN1_CONTEXT_S_7; - break; - default: - DBG1(DBG_LIB, "encoding %N as subjectAltName not supported", - id_type_names, id->get_type(id)); - enumerator->destroy(enumerator); - free(subjectAltNames.ptr); - return chunk_empty; - } - name = asn1_wrap(context, "c", id->get_encoding(id)); -======= name = build_generalName(id); ->>>>>>> upstream/4.5.1 subjectAltNames = chunk_cat("mm", subjectAltNames, name); } enumerator->destroy(enumerator); @@ -2292,8 +1939,6 @@ chunk_t x509_build_subjectAltNames(linked_list_t *list) } /** -<<<<<<< HEAD -======= * Encode CRL distribution points extension from a x509_cdp_t list */ chunk_t x509_build_crlDistributionPoints(linked_list_t *list, int extn) @@ -2335,7 +1980,6 @@ chunk_t x509_build_crlDistributionPoints(linked_list_t *list, int extn) } /** ->>>>>>> upstream/4.5.1 * Generate and sign a new certificate */ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, 
@@ -2343,14 +1987,6 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, { chunk_t extensions = chunk_empty, extendedKeyUsage = chunk_empty; chunk_t serverAuth = chunk_empty, clientAuth = chunk_empty; -<<<<<<< HEAD - chunk_t ocspSigning = chunk_empty; - chunk_t basicConstraints = chunk_empty; - chunk_t keyUsage = chunk_empty; - chunk_t subjectAltNames = chunk_empty; - chunk_t subjectKeyIdentifier = chunk_empty, authKeyIdentifier = chunk_empty; - chunk_t crlDistributionPoints = chunk_empty, authorityInfoAccess = chunk_empty; -======= chunk_t ocspSigning = chunk_empty, certPolicies = chunk_empty; chunk_t basicConstraints = chunk_empty, nameConstraints = chunk_empty; chunk_t keyUsage = chunk_empty, keyUsageBits = chunk_empty; @@ -2358,7 +1994,6 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, chunk_t subjectKeyIdentifier = chunk_empty, authKeyIdentifier = chunk_empty; chunk_t crlDistributionPoints = chunk_empty, authorityInfoAccess = chunk_empty; chunk_t policyConstraints = chunk_empty, inhibitAnyPolicy = chunk_empty; ->>>>>>> upstream/4.5.1 identification_t *issuer, *subject; chunk_t key_info; signature_scheme_t scheme; 
@@ -2412,34 +2047,8 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, /* encode subjectAltNames */ subjectAltNames = x509_build_subjectAltNames(cert->subjectAltNames); -<<<<<<< HEAD - /* encode CRL distribution points extension */ - enumerator = cert->crl_uris->create_enumerator(cert->crl_uris); - while (enumerator->enumerate(enumerator, &uri)) - { - chunk_t distributionPoint; - - distributionPoint = asn1_wrap(ASN1_SEQUENCE, "m", - asn1_wrap(ASN1_CONTEXT_C_0, "m", - asn1_wrap(ASN1_CONTEXT_C_0, "m", - asn1_wrap(ASN1_CONTEXT_S_6, "c", - chunk_create(uri, strlen(uri)))))); - - crlDistributionPoints = chunk_cat("mm", crlDistributionPoints, - distributionPoint); - } - enumerator->destroy(enumerator); - if (crlDistributionPoints.ptr) - { - crlDistributionPoints = asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_build_known_oid(OID_CRL_DISTRIBUTION_POINTS), - asn1_wrap(ASN1_OCTET_STRING, "m", - asn1_wrap(ASN1_SEQUENCE, "m", crlDistributionPoints))); - } -======= crlDistributionPoints = x509_build_crlDistributionPoints(cert->crl_uris, OID_CRL_DISTRIBUTION_POINTS); ->>>>>>> upstream/4.5.1 /* encode OCSP URIs in authorityInfoAccess extension */ enumerator = cert->ocsp_uris->create_enumerator(cert->ocsp_uris); @@ -2468,18 +2077,10 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, { chunk_t pathLenConstraint = chunk_empty; -<<<<<<< HEAD - if (cert->pathLenConstraint != X509_NO_PATH_LEN_CONSTRAINT) - { - char pathlen = (char)cert->pathLenConstraint; - - pathLenConstraint = asn1_integer("c", chunk_from_thing(pathlen)); -======= if (cert->pathLenConstraint != X509_NO_CONSTRAINT) { pathLenConstraint = asn1_integer("c", chunk_from_thing(cert->pathLenConstraint)); ->>>>>>> upstream/4.5.1 } basicConstraints = asn1_wrap(ASN1_SEQUENCE, "mmm", asn1_build_known_oid(OID_BASIC_CONSTRAINTS), 
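Review bot: In the basicConstraints block of generate(), `chunk_from_thing(cert->pathLenConstraint)` encodes as many bytes as the struct field is wide, so the DER INTEGER is only correct while `pathLenConstraint` is a one-byte field holding a value below 128. The removed code narrowed through an explicit `char pathlen` local, which kept the encoding independent of the field's declaration; that declaration is not visible in this hunk. Either keep the narrowing explicit, `pathLenConstraint = asn1_integer("c", chunk_from_chars(cert->pathLenConstraint));`, or add a comment at this call stating that the field must stay a single byte. generate() starts and ends outside the hunk.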
@@ -2490,15 +2091,6 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, asn1_wrap(ASN1_BOOLEAN, "c", chunk_from_chars(0xFF)), pathLenConstraint))); -<<<<<<< HEAD - keyUsage = asn1_wrap(ASN1_SEQUENCE, "mmm", - asn1_build_known_oid(OID_KEY_USAGE), - asn1_wrap(ASN1_BOOLEAN, "c", - chunk_from_chars(0xFF)), - asn1_wrap(ASN1_OCTET_STRING, "m", - asn1_wrap(ASN1_BIT_STRING, "c", - chunk_from_chars(0x01, 0x06)))); -======= /* set CertificateSign and implicitly CRLsign */ keyUsageBits = chunk_from_chars(0x01, 0x06); } @@ -2513,7 +2105,6 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, asn1_wrap(ASN1_BOOLEAN, "c", chunk_from_chars(0xFF)), asn1_wrap(ASN1_OCTET_STRING, "m", asn1_wrap(ASN1_BIT_STRING, "c", keyUsageBits))); ->>>>>>> upstream/4.5.1 } /* add serverAuth extendedKeyUsage flag */ @@ -2542,11 +2133,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, } /* add subjectKeyIdentifier to CA and OCSP signer certificates */ -<<<<<<< HEAD - if (cert->flags & (X509_CA | X509_OCSP_SIGNER)) -======= if (cert->flags & (X509_CA | X509_OCSP_SIGNER | X509_CRL_SIGN)) ->>>>>>> upstream/4.5.1 { chunk_t keyid; @@ -2574,17 +2161,6 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, asn1_wrap(ASN1_CONTEXT_S_0, "c", keyid)))); } } -<<<<<<< HEAD - if (basicConstraints.ptr || subjectAltNames.ptr || authKeyIdentifier.ptr || - crlDistributionPoints.ptr) - { - extensions = asn1_wrap(ASN1_CONTEXT_C_3, "m", - asn1_wrap(ASN1_SEQUENCE, "mmmmmmmm", - basicConstraints, keyUsage, subjectKeyIdentifier, - authKeyIdentifier, subjectAltNames, - extendedKeyUsage, crlDistributionPoints, - authorityInfoAccess)); -======= if (cert->permitted_names->get_count(cert->permitted_names) || cert->excluded_names->get_count(cert->excluded_names)) 
@@ -2732,7 +2308,6 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, extendedKeyUsage, crlDistributionPoints, authorityInfoAccess, nameConstraints, certPolicies, policyMappings, policyConstraints, inhibitAnyPolicy)); ->>>>>>> upstream/4.5.1 } cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm", @@ -2815,10 +2390,7 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) certificate_t *sign_cert = NULL; private_key_t *sign_key = NULL; hash_algorithm_t digest_alg = HASH_SHA1; -<<<<<<< HEAD -======= u_int constraint; ->>>>>>> upstream/4.5.1 cert = create_empty(); while (TRUE) @@ -2862,15 +2434,6 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) { enumerator_t *enumerator; linked_list_t *list; -<<<<<<< HEAD - char *uri; - - list = va_arg(args, linked_list_t*); - enumerator = list->create_enumerator(list); - while (enumerator->enumerate(enumerator, &uri)) - { - cert->crl_uris->insert_last(cert->crl_uris, strdup(uri)); -======= x509_cdp_t *in, *cdp; list = va_arg(args, linked_list_t*); @@ -2882,7 +2445,6 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) .issuer = in->issuer ? in->issuer->clone(in->issuer) : NULL, ); cert->crl_uris->insert_last(cert->crl_uris, cdp); ->>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); continue; @@ -2903,13 +2465,6 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) continue; } case BUILD_PATHLEN: -<<<<<<< HEAD - cert->pathLenConstraint = va_arg(args, int); - if (cert->pathLenConstraint < 0 || cert->pathLenConstraint > 127) - { - cert->pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT; - } -======= constraint = va_arg(args, u_int); cert->pathLenConstraint = (constraint < 128) ? constraint : X509_NO_CONSTRAINT; 
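Review bot: The BUILD_PATHLEN case in x509_cert_gen() fails open: a caller passing 128 or more gets `X509_NO_CONSTRAINT`, which would mean a CA certificate with no path length limit rather than an error. The next hunk handles `cert->inhibit_any` the same way, and the constraint cases between the two hunks, which are not shown, may do so too. For a certificate builder it is safer to refuse the build on an out-of-range constraint, e.g. `if (constraint >= 128) { destroy(cert); return NULL; }`, assuming that matches the function's other failure paths, which lie outside the hunk.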
@@ -3000,7 +2555,6 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) constraint = va_arg(args, u_int); cert->inhibit_any = (constraint < 128) ? constraint : X509_NO_CONSTRAINT; ->>>>>>> upstream/4.5.1 continue; case BUILD_NOT_BEFORE_TIME: cert->notBefore = va_arg(args, time_t); diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c index 3e62681f5..758505ab5 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.c +++ b/src/libstrongswan/plugins/x509/x509_crl.c @@ -100,14 +100,11 @@ struct private_x509_crl_t { linked_list_t *revoked; /** -<<<<<<< HEAD -======= * List of Freshest CRL distribution points */ linked_list_t *crl_uris; /** ->>>>>>> upstream/4.5.1 * Authority Key Identifier */ chunk_t authKeyIdentifier; @@ -118,14 +115,11 @@ struct private_x509_crl_t { chunk_t authKeySerialNumber; /** -<<<<<<< HEAD -======= * Number of BaseCRL, if a delta CRL */ chunk_t baseCrlNumber; /** ->>>>>>> upstream/4.5.1 * Signature algorithm */ int algorithm; @@ -149,11 +143,6 @@ struct private_x509_crl_t { /** * from x509_cert */ -<<<<<<< HEAD -extern chunk_t x509_parse_authorityKeyIdentifier( - chunk_t blob, int level0, - chunk_t *authKeySerialNumber); -======= extern chunk_t x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, chunk_t *authKeySerialNumber); @@ -167,7 +156,6 @@ extern void x509_parse_crlDistributionPoints(chunk_t blob, int level0, * from x509_cert */ extern chunk_t x509_build_crlDistributionPoints(linked_list_t *list, int extn); ->>>>>>> upstream/4.5.1 /** * ASN.1 definition of an X.509 certificate revocation list @@ -238,11 +226,7 @@ static bool parse(private_x509_crl_t *this) int objectID; int sig_alg = OID_UNKNOWN; bool success = FALSE; -<<<<<<< HEAD - bool critical; -======= bool critical = FALSE; ->>>>>>> upstream/4.5.1 revoked_t *revoked = NULL; parser = asn1_parser_create(crlObjects, this->encoding); 
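Review bot: The `extern` prototypes for `x509_parse_crlDistributionPoints()` and `x509_build_crlDistributionPoints()` added under the "from x509_cert" comments in x509_crl.c are hand-copied declarations, so the compiler cannot check them against the definitions in x509_cert.c. These functions handle ASN.1 taken from CRLs and certificates, where a silent signature drift (an added parameter, a changed `int extn`) would be undefined behaviour rather than a build error. Moving the three "from x509_cert" declarations into a header included by both files would turn such a mismatch into a compile-time failure.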
@@ -294,28 +278,6 @@ static bool parse(private_x509_crl_t *this) break; case CRL_OBJ_CRL_ENTRY_EXTN_VALUE: case CRL_OBJ_EXTN_VALUE: -<<<<<<< HEAD - { - int extn_oid = asn1_known_oid(extnID); - - if (revoked && extn_oid == OID_CRL_REASON_CODE) - { - if (*object.ptr == ASN1_ENUMERATED && - asn1_length(&object) == 1) - { - revoked->reason = *object.ptr; - } - DBG2(DBG_LIB, " '%N'", crl_reason_names, - revoked->reason); - } - else if (extn_oid == OID_AUTHORITY_KEY_ID) - { - this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, - level, &this->authKeySerialNumber); - } - else if (extn_oid == OID_CRL_NUMBER) - { -======= { int extn_oid = asn1_known_oid(extnID); @@ -339,18 +301,12 @@ static bool parse(private_x509_crl_t *this) object, level, &this->authKeySerialNumber); break; case OID_CRL_NUMBER: ->>>>>>> upstream/4.5.1 if (!asn1_parse_simple_object(&object, ASN1_INTEGER, level, "crlNumber")) { goto end; } this->crlNumber = object; -<<<<<<< HEAD - } - } - break; -======= break; case OID_FRESHEST_CRL: x509_parse_crlDistributionPoints(object, level, @@ -377,7 +333,6 @@ static bool parse(private_x509_crl_t *this) } break; } ->>>>>>> upstream/4.5.1 case CRL_OBJ_ALGORITHM: { this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL); @@ -435,8 +390,6 @@ METHOD(crl_t, get_authKeyIdentifier, chunk_t, return this->authKeyIdentifier; } -<<<<<<< HEAD -======= METHOD(crl_t, is_delta_crl, bool, private_x509_crl_t *this, chunk_t *base_crl) { @@ -457,7 +410,6 @@ METHOD(crl_t, create_delta_crl_uri_enumerator, enumerator_t*, return this->crl_uris->create_enumerator(this->crl_uris); } ->>>>>>> upstream/4.5.1 METHOD(crl_t, create_enumerator, enumerator_t*, private_x509_crl_t *this) { @@ -502,11 +454,7 @@ METHOD(certificate_t, issued_by, bool, { return FALSE; } -<<<<<<< HEAD - if (!(x509->get_flags(x509) & X509_CA)) -======= if (!(x509->get_flags(x509) & (X509_CA | X509_CRL_SIGN))) ->>>>>>> upstream/4.5.1 { return FALSE; } 
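Review bot: The relaxed check in issued_by(), `if (!(x509->get_flags(x509) & (X509_CA | X509_CRL_SIGN)))`, now lets a certificate that is not a CA but carries the X509_CRL_SIGN flag act as CRL issuer, and nothing at the call site says so. A short comment would help reviewers judge the trust decision, for example `/* CRL issuer is either a CA or a dedicated signer flagged X509_CRL_SIGN */`. Whether the remaining checks tie such a signer to the CA whose certificates are being revoked cannot be seen here, because issued_by() continues outside the hunk; that binding is worth confirming.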
@@ -619,8 +567,6 @@ static void revoked_destroy(revoked_t *revoked) free(revoked); } -<<<<<<< HEAD -======= /** * Destroy a CDP entry */ @@ -631,27 +577,20 @@ static void cdp_destroy(x509_cdp_t *this) free(this); } ->>>>>>> upstream/4.5.1 METHOD(certificate_t, destroy, void, private_x509_crl_t *this) { if (ref_put(&this->ref)) { this->revoked->destroy_function(this->revoked, (void*)revoked_destroy); -<<<<<<< HEAD -======= this->crl_uris->destroy_function(this->crl_uris, (void*)cdp_destroy); ->>>>>>> upstream/4.5.1 DESTROY_IF(this->issuer); free(this->authKeyIdentifier.ptr); free(this->encoding.ptr); if (this->generated) { free(this->crlNumber.ptr); -<<<<<<< HEAD -======= free(this->baseCrlNumber.ptr); ->>>>>>> upstream/4.5.1 free(this->signature.ptr); free(this->tbsCertList.ptr); } @@ -685,19 +624,13 @@ static private_x509_crl_t* create_empty(void) }, .get_serial = _get_serial, .get_authKeyIdentifier = _get_authKeyIdentifier, -<<<<<<< HEAD -======= .is_delta_crl = _is_delta_crl, .create_delta_crl_uri_enumerator = _create_delta_crl_uri_enumerator, ->>>>>>> upstream/4.5.1 .create_enumerator = _create_enumerator, }, }, .revoked = linked_list_create(), -<<<<<<< HEAD -======= .crl_uris = linked_list_create(), ->>>>>>> upstream/4.5.1 .ref = 1, ); return this; @@ -766,10 +699,7 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, private_key_t *key, hash_algorithm_t digest_alg) { chunk_t extensions = chunk_empty, certList = chunk_empty, serial; -<<<<<<< HEAD -======= chunk_t crlDistributionPoints = chunk_empty, baseCrlNumber = chunk_empty; ->>>>>>> upstream/4.5.1 enumerator_t *enumerator; crl_reason_t reason; time_t date; 
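Review bot: In destroy(), `free(this->baseCrlNumber.ptr)` is only reached when `this->generated` is set, while the BUILD_BASE_CRL case added to x509_crl_gen() stores a `chunk_clone()` of the caller's value before any generation happens. If the builder gives up before `generated` becomes true (where that flag is set is outside these hunks), the clone is leaked. Consider freeing the cloned chunk on the builder's failure path. A comment on the `if (this->generated)` block would also make the asymmetry visibly intentional, for example `/* generated CRLs own these chunks; parsed ones presumably point into this->encoding */`.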
@@ -777,11 +707,7 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, x509 = (x509_t*)cert; -<<<<<<< HEAD - this->issuer = cert->get_issuer(cert); -======= this->issuer = cert->get_subject(cert); ->>>>>>> upstream/4.5.1 this->issuer = this->issuer->clone(this->issuer); this->authKeyIdentifier = chunk_clone(x509->get_subjectKeyIdentifier(x509)); @@ -816,10 +742,6 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, } enumerator->destroy(enumerator); -<<<<<<< HEAD - extensions = asn1_wrap(ASN1_CONTEXT_C_0, "m", - asn1_wrap(ASN1_SEQUENCE, "mm", -======= crlDistributionPoints = x509_build_crlDistributionPoints(this->crl_uris, OID_FRESHEST_CRL); @@ -835,7 +757,6 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, extensions = asn1_wrap(ASN1_CONTEXT_C_0, "m", asn1_wrap(ASN1_SEQUENCE, "mmmm", ->>>>>>> upstream/4.5.1 asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(OID_AUTHORITY_KEY_ID), asn1_wrap(ASN1_OCTET_STRING, "m", @@ -845,14 +766,8 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(OID_CRL_NUMBER), asn1_wrap(ASN1_OCTET_STRING, "m", -<<<<<<< HEAD - asn1_integer("c", this->crlNumber)) - ) - )); -======= asn1_integer("c", this->crlNumber))), crlDistributionPoints, baseCrlNumber)); ->>>>>>> upstream/4.5.1 this->tbsCertList = asn1_wrap(ASN1_SEQUENCE, "cmcmmmm", ASN1_INTEGER_1, @@ -915,8 +830,6 @@ x509_crl_t *x509_crl_gen(certificate_type_t type, va_list args) case BUILD_REVOKED_ENUMERATOR: read_revoked(crl, va_arg(args, enumerator_t*)); continue; -<<<<<<< HEAD -======= case BUILD_BASE_CRL: crl->baseCrlNumber = va_arg(args, chunk_t); crl->baseCrlNumber = chunk_clone(crl->baseCrlNumber); @@ -940,7 +853,6 @@ x509_crl_t *x509_crl_gen(certificate_type_t type, va_list args) enumerator->destroy(enumerator); continue; } ->>>>>>> upstream/4.5.1 case BUILD_END: break; default: 
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index 829f47f81..4cbe3f718 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c @@ -453,7 +453,7 @@ static const asn1Object_t basicResponseObjects[] = { { 5, "critical", ASN1_BOOLEAN, ASN1_BODY | ASN1_DEF }, /* 16 */ { 5, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 17 */ - { 4, "end loop", ASN1_EOC, ASN1_END }, /* 18 */ + { 3, "end loop", ASN1_EOC, ASN1_END }, /* 18 */ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 19 */ { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 20 */ { 1, "signature", ASN1_BIT_STRING, ASN1_BODY }, /* 21 */ diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c index a3c071f12..bfeb74b0e 100644 --- a/src/libstrongswan/plugins/x509/x509_plugin.c +++ b/src/libstrongswan/plugins/x509/x509_plugin.c @@ -36,15 +36,14 @@ struct private_x509_plugin_t { x509_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of x509_plugin_t.x509troy - */ -static void destroy(private_x509_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_x509_plugin_t *this) +{ + return "x509"; +} + METHOD(plugin_t, destroy, void, private_x509_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)x509_cert_gen); @@ -74,21 +73,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *x509_plugin_create() { -<<<<<<< HEAD - private_x509_plugin_t *this = malloc_thing(private_x509_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= private_x509_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, FALSE, (builder_function_t)x509_cert_gen); 
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index 22b3c9543..35f868de4 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c index be18d92b8..8ddde962c 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc.c +++ b/src/libstrongswan/plugins/xcbc/xcbc.c @@ -236,13 +236,17 @@ METHOD(xcbc_t, set_key, void, memset(k1.ptr, 0x01, this->b); this->k1->encrypt(this->k1, k1, iv, NULL); this->k1->set_key(this->k1, k1); + + memwipe(k1.ptr, k1.len); } METHOD(xcbc_t, destroy, void, private_xcbc_t *this) { this->k1->destroy(this->k1); + memwipe(this->k2, this->b); free(this->k2); + memwipe(this->k3, this->b); free(this->k3); free(this->e); free(this->remaining); 
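Review bot: destroy() in xcbc.c now wipes `k2` and `k3`, but `this->e` and `this->remaining` are still released with a plain `free()`. This XCBC implementation is also registered as a PRF (see xcbc_plugin.c), so the chaining state and the buffered input block can hold data derived from secrets. If both buffers are block-sized, which only their allocation outside this hunk can confirm, `memwipe(this->e, this->b);` and `memwipe(this->remaining, this->b);` before the frees would complete the cleanup.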
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c index 19d5a03fe..0fcb093c8 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c +++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c @@ -19,11 +19,6 @@ #include "xcbc_signer.h" #include "xcbc_prf.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "xcbc"; - ->>>>>>> upstream/4.5.1 typedef struct private_xcbc_plugin_t private_xcbc_plugin_t; /** @@ -37,6 +32,12 @@ struct private_xcbc_plugin_t { xcbc_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_xcbc_plugin_t *this) +{ + return "xcbc"; +} + METHOD(plugin_t, destroy, void, private_xcbc_plugin_t *this) { 
@@ -53,49 +54,36 @@ METHOD(plugin_t, destroy, void, plugin_t *xcbc_plugin_create() { private_xcbc_plugin_t *this; -<<<<<<< HEAD -======= crypter_t *crypter; ->>>>>>> upstream/4.5.1 INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); -<<<<<<< HEAD - lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC, - (prf_constructor_t)xcbc_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_CAMELLIA128_XCBC, - (prf_constructor_t)xcbc_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96, - (signer_constructor_t)xcbc_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_CAMELLIA_XCBC_96, - (signer_constructor_t)xcbc_signer_create); - -======= crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16); if (crypter) { crypter->destroy(crypter); - lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC, get_name(this), (prf_constructor_t)xcbc_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96, get_name(this), (signer_constructor_t)xcbc_signer_create); } crypter = lib->crypto->create_crypter(lib->crypto, ENCR_CAMELLIA_CBC, 16); if (crypter) { crypter->destroy(crypter); - lib->crypto->add_prf(lib->crypto, PRF_CAMELLIA128_XCBC, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_CAMELLIA128_XCBC, get_name(this), (prf_constructor_t)xcbc_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_CAMELLIA_XCBC_96, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_CAMELLIA_XCBC_96, get_name(this), (signer_constructor_t)xcbc_signer_create); } ->>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/printf_hook.c b/src/libstrongswan/printf_hook.c index 1f57ffcce..7e7045d69 100644 --- a/src/libstrongswan/printf_hook.c +++ b/src/libstrongswan/printf_hook.c 
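Review bot: xcbc_plugin_create() now registers the AES and Camellia XCBC algorithms only when `create_crypter()` succeeds at plugin creation time, and it skips them silently otherwise. If no CBC crypter is available at that moment (for instance because the providing plugin is loaded later; plugin ordering is not visible here), the PRF and signer are simply absent and the first symptom is a failed algorithm lookup elsewhere. A comment above the first probe, e.g. `/* XCBC needs a CBC crypter; register only what a loaded plugin can back */`, plus a debug message in the skipped branch would make that dependency diagnosable.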
@@ -377,15 +377,8 @@ int vstr_wrapper_vasprintf(char **str, const char *format, va_list args) } #endif -<<<<<<< HEAD -/** - * Implementation of printf_hook_t.add_handler. - */ -static void add_handler(private_printf_hook_t *this, char spec, -======= METHOD(printf_hook_t, add_handler, void, private_printf_hook_t *this, char spec, ->>>>>>> upstream/4.5.1 printf_hook_function_t hook, ...) { int i = -1; @@ -444,15 +437,8 @@ METHOD(printf_hook_t, add_handler, void, } } -<<<<<<< HEAD -/** - * Implementation of printf_hook_t.destroy - */ -static void destroy(private_printf_hook_t *this) -======= METHOD(printf_hook_t, destroy, void, private_printf_hook_t *this) ->>>>>>> upstream/4.5.1 { int i; #ifdef USE_VSTR @@ -487,12 +473,6 @@ METHOD(printf_hook_t, destroy, void, */ printf_hook_t *printf_hook_create() { -<<<<<<< HEAD - private_printf_hook_t *this = malloc_thing(private_printf_hook_t); - - this->public.add_handler = (void(*)(printf_hook_t*, char, printf_hook_function_t, ...))add_handler; - this->public.destroy = (void(*)(printf_hook_t*))destroy; -======= private_printf_hook_t *this; INIT(this, @@ -501,7 +481,6 @@ printf_hook_t *printf_hook_create() .destroy = _destroy, }, ); ->>>>>>> upstream/4.5.1 memset(printf_hooks, 0, sizeof(printf_hooks)); diff --git a/src/libstrongswan/processing/jobs/callback_job.c b/src/libstrongswan/processing/jobs/callback_job.c index 556cbd907..0043a9cdb 100644 --- a/src/libstrongswan/processing/jobs/callback_job.c +++ b/src/libstrongswan/processing/jobs/callback_job.c @@ -1,6 +1,7 @@ /* * Copyright (C) 2009 Tobias Brunner - * Copyright (C) 2007 Martin Willi + * Copyright (C) 2007-2011 Martin Willi + * Copyright (C) 2011 revosec AG * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -29,6 +30,7 @@ typedef struct private_callback_job_t private_callback_job_t; * Private data of an callback_job_t Object. */ struct private_callback_job_t { + /** * Public callback_job_t interface. */ 
@@ -111,10 +113,8 @@ static void unregister(private_callback_job_t *this) } } -/** - * Implements job_t.destroy. - */ -static void destroy(private_callback_job_t *this) +METHOD(job_t, destroy, void, + private_callback_job_t *this) { this->mutex->lock(this->mutex); unregister(this); @@ -133,10 +133,8 @@ static void destroy(private_callback_job_t *this) free(this); } -/** - * Implementation of callback_job_t.cancel. - */ -static void cancel(private_callback_job_t *this) +METHOD(callback_job_t, cancel, void, + private_callback_job_t *this) { callback_job_t *child; sem_t *terminated = NULL; @@ -177,10 +175,8 @@ static void cancel(private_callback_job_t *this) } } -/** - * Implementation of job_t.execute. - */ -static void execute(private_callback_job_t *this) +METHOD(job_t, execute, void, + private_callback_job_t *this) { bool cleanup = FALSE, requeue = FALSE; @@ -226,8 +222,7 @@ static void execute(private_callback_job_t *this) thread_cancellation_point(); if (requeue) { - lib->processor->queue_job(lib->processor, - &this->public.job_interface); + lib->processor->queue_job(lib->processor, &this->public.job); } thread_cleanup_pop(cleanup); } 
@@ -239,24 +234,24 @@ callback_job_t *callback_job_create(callback_job_cb_t cb, void *data, callback_job_cleanup_t cleanup, callback_job_t *parent) { - private_callback_job_t *this = malloc_thing(private_callback_job_t); - - /* interface functions */ - this->public.job_interface.execute = (void (*) (job_t *)) execute; - this->public.job_interface.destroy = (void (*) (job_t *)) destroy; - this->public.cancel = (void(*)(callback_job_t*))cancel; + private_callback_job_t *this; - /* private variables */ - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - this->callback = cb; - this->data = data; - this->cleanup = cleanup; - this->thread = 0; - this->children = linked_list_create(); - this->parent = (private_callback_job_t*)parent; - this->cancelled = FALSE; - this->destroyable = condvar_create(CONDVAR_TYPE_DEFAULT); - this->terminated = NULL; + INIT(this, + .public = { + .job = { + .execute = _execute, + .destroy = _destroy, + }, + .cancel = _cancel, + }, + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .callback = cb, + .data = data, + .cleanup = cleanup, + .children = linked_list_create(), + .parent = (private_callback_job_t*)parent, + .destroyable = condvar_create(CONDVAR_TYPE_DEFAULT), + ); /* register us at parent */ if (parent) diff --git a/src/libstrongswan/processing/jobs/callback_job.h b/src/libstrongswan/processing/jobs/callback_job.h index 62da1edd1..1eb5664d3 100644 --- a/src/libstrongswan/processing/jobs/callback_job.h +++ b/src/libstrongswan/processing/jobs/callback_job.h @@ -1,5 +1,6 @@ /* - * Copyright (C) 2007 Martin Willi + * Copyright (C) 2007-2011 Martin Willi + * Copyright (C) 2011 revosec AG * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it 
@@ -30,7 +31,7 @@ typedef struct callback_job_t callback_job_t; typedef enum job_requeue_t job_requeue_t; /** - * Job requeueing policy + * Job requeueing policy. * * The job requeueing policy defines how a job is handled when the callback * function returns. @@ -84,15 +85,19 @@ typedef void (*callback_job_cleanup_t)(void *data); * of asynchronous methods, without to manage threads. */ struct callback_job_t { + /** * The job_t interface. */ - job_t job_interface; + job_t job; /** - * Cancel the job's thread and wait for its termination. This only works - * reliably for jobs that always use JOB_REQUEUE_FAIR or JOB_REQUEUE_DIRECT, - * otherwise the job may already be destroyed when cancel is called. */ + * Cancel the job's thread and wait for its termination. + * + * This only works reliably for jobs that always use JOB_REQUEUE_FAIR or + * JOB_REQUEUE_DIRECT, otherwise the job may already be destroyed when + * cancel is called. + */ void (*cancel)(callback_job_t *this); }; diff --git a/src/libstrongswan/processing/processor.c b/src/libstrongswan/processing/processor.c index 6c0d9aa84..de556f86b 100644 --- a/src/libstrongswan/processing/processor.c +++ b/src/libstrongswan/processing/processor.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2005-2007 Martin Willi + * Copyright (C) 2005-2011 Martin Willi + * Copyright (C) 2011 revosec AG * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * 
@@ -136,50 +137,46 @@ static void process_jobs(private_processor_t *this) thread_cleanup_pop(FALSE); this->mutex->lock(this->mutex); } + this->total_threads--; + this->thread_terminated->signal(this->thread_terminated); this->mutex->unlock(this->mutex); - restart(this); } -/** - * Implementation of processor_t.get_total_threads. - */ -static u_int get_total_threads(private_processor_t *this) +METHOD(processor_t, get_total_threads, u_int, + private_processor_t *this) { u_int count; + this->mutex->lock(this->mutex); count = this->total_threads; this->mutex->unlock(this->mutex); return count; } -/** - * Implementation of processor_t.get_idle_threads. - */ -static u_int get_idle_threads(private_processor_t *this) +METHOD(processor_t, get_idle_threads, u_int, + private_processor_t *this) { u_int count; + this->mutex->lock(this->mutex); count = this->idle_threads; this->mutex->unlock(this->mutex); return count; } -/** - * implements processor_t.get_job_load - */ -static u_int get_job_load(private_processor_t *this) +METHOD(processor_t, get_job_load, u_int, + private_processor_t *this) { u_int load; + this->mutex->lock(this->mutex); load = this->list->get_count(this->list); this->mutex->unlock(this->mutex); return load; } -/** - * implements function processor_t.queue_job - */ -static void queue_job(private_processor_t *this, job_t *job) +METHOD(processor_t, queue_job, void, + private_processor_t *this, job_t *job) { this->mutex->lock(this->mutex); this->list->insert_last(this->list, job); @@ -187,10 +184,8 @@ static void queue_job(private_processor_t *this, job_t *job) this->mutex->unlock(this->mutex); } -/** - * Implementation of processor_t.set_threads. - */ -static void set_threads(private_processor_t *this, u_int count) +METHOD(processor_t, set_threads, void, + private_processor_t *this, u_int count) { this->mutex->lock(this->mutex); if (count > this->total_threads) 
@@ -218,12 +213,11 @@ static void set_threads(private_processor_t *this, u_int count) this->mutex->unlock(this->mutex); } -/** - * Implementation of processor_t.destroy. - */ -static void destroy(private_processor_t *this) +METHOD(processor_t, destroy, void, + private_processor_t *this) { thread_t *current; + set_threads(this, 0); this->mutex->lock(this->mutex); while (this->total_threads > 0) @@ -248,29 +242,25 @@ static void destroy(private_processor_t *this) /* * Described in header. */ -<<<<<<< HEAD -processor_t *processor_create(size_t pool_size) -======= processor_t *processor_create() ->>>>>>> upstream/4.5.1 { - private_processor_t *this = malloc_thing(private_processor_t); - - this->public.get_total_threads = (u_int(*)(processor_t*))get_total_threads; - this->public.get_idle_threads = (u_int(*)(processor_t*))get_idle_threads; - this->public.get_job_load = (u_int(*)(processor_t*))get_job_load; - this->public.queue_job = (void(*)(processor_t*, job_t*))queue_job; - this->public.set_threads = (void(*)(processor_t*, u_int))set_threads; - this->public.destroy = (void(*)(processor_t*))destroy; - - this->list = linked_list_create(); - this->threads = linked_list_create(); - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - this->job_added = condvar_create(CONDVAR_TYPE_DEFAULT); - this->thread_terminated = condvar_create(CONDVAR_TYPE_DEFAULT); - this->total_threads = 0; - this->desired_threads = 0; - this->idle_threads = 0; + private_processor_t *this; + + INIT(this, + .public = { + .get_total_threads = _get_total_threads, + .get_idle_threads = _get_idle_threads, + .get_job_load = _get_job_load, + .queue_job = _queue_job, + .set_threads = _set_threads, + .destroy = _destroy, + }, + .list = linked_list_create(), + .threads = linked_list_create(), + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .job_added = condvar_create(CONDVAR_TYPE_DEFAULT), + .thread_terminated = condvar_create(CONDVAR_TYPE_DEFAULT), + ); return &this->public; } 
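Review bot: `processor_t *processor_create()` is defined with an empty parameter list, which in C before C23 means unspecified arguments rather than no arguments. The resolved conflict drops the `size_t pool_size` parameter, so a leftover call that still passes a pool size would compile without a diagnostic if the header uses the same form (the header is not part of this hunk). Writing `processor_t *processor_create(void)` here and in the declaration lets the compiler reject stale callers.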
diff --git a/src/libstrongswan/processing/scheduler.c b/src/libstrongswan/processing/scheduler.c index e23f04598..7d9bcd70f 100644 --- a/src/libstrongswan/processing/scheduler.c +++ b/src/libstrongswan/processing/scheduler.c @@ -232,10 +232,8 @@ static job_requeue_t schedule(private_scheduler_t * this) return JOB_REQUEUE_DIRECT; } -/** - * Implements scheduler_t.get_job_load - */ -static u_int get_job_load(private_scheduler_t *this) +METHOD(scheduler_t, get_job_load, u_int, + private_scheduler_t *this) { int count; this->mutex->lock(this->mutex); @@ -244,10 +242,8 @@ static u_int get_job_load(private_scheduler_t *this) return count; } -/** - * Implements scheduler_t.schedule_job_tv. - */ -static void schedule_job_tv(private_scheduler_t *this, job_t *job, timeval_t tv) +METHOD(scheduler_t, schedule_job_tv, void, + private_scheduler_t *this, job_t *job, timeval_t tv) { event_t *event; u_int position; @@ -283,10 +279,8 @@ static void schedule_job_tv(private_scheduler_t *this, job_t *job, timeval_t tv) this->mutex->unlock(this->mutex); } -/** - * Implements scheduler_t.schedule_job. - */ -static void schedule_job(private_scheduler_t *this, job_t *job, u_int32_t s) +METHOD(scheduler_t, schedule_job, void, + private_scheduler_t *this, job_t *job, u_int32_t s) { timeval_t tv; @@ -296,10 +290,8 @@ static void schedule_job(private_scheduler_t *this, job_t *job, u_int32_t s) schedule_job_tv(this, job, tv); } -/** - * Implements scheduler_t.schedule_job_ms. - */ -static void schedule_job_ms(private_scheduler_t *this, job_t *job, u_int32_t ms) +METHOD(scheduler_t, schedule_job_ms, void, + private_scheduler_t *this, job_t *job, u_int32_t ms) { timeval_t tv, add; 
@@ -312,10 +304,8 @@ static void schedule_job_ms(private_scheduler_t *this, job_t *job, u_int32_t ms) schedule_job_tv(this, job, tv); } -/** - * Implementation of scheduler_t.destroy. - */ -static void destroy(private_scheduler_t *this) +METHOD(scheduler_t, destroy, void, + private_scheduler_t *this) { event_t *event; this->job->cancel(this->job); @@ -334,22 +324,23 @@ static void destroy(private_scheduler_t *this) */ scheduler_t * scheduler_create() { - private_scheduler_t *this = malloc_thing(private_scheduler_t); - - this->public.get_job_load = (u_int (*) (scheduler_t *this)) get_job_load; - this->public.schedule_job = (void (*) (scheduler_t *this, job_t *job, u_int32_t s)) schedule_job; - this->public.schedule_job_ms = (void (*) (scheduler_t *this, job_t *job, u_int32_t ms)) schedule_job_ms; - this->public.schedule_job_tv = (void (*) (scheduler_t *this, job_t *job, timeval_t tv)) schedule_job_tv; - this->public.destroy = (void(*)(scheduler_t*)) destroy; + private_scheduler_t *this; + + INIT(this, + .public = { + .get_job_load = _get_job_load, + .schedule_job = _schedule_job, + .schedule_job_ms = _schedule_job_ms, + .schedule_job_tv = _schedule_job_tv, + .destroy = _destroy, + }, + .heap_size = HEAP_SIZE_DEFAULT, + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), + ); - /* Note: the root of the heap is at index 1 */ - this->event_count = 0; - this->heap_size = HEAP_SIZE_DEFAULT; this->heap = (event_t**)calloc(this->heap_size + 1, sizeof(event_t*)); - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); - this->job = callback_job_create((callback_job_cb_t)schedule, this, NULL, NULL); lib->processor->queue_job(lib->processor, (job_t*)this->job); diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c index f675f51f1..32da194ef 100644 --- a/src/libstrongswan/selectors/traffic_selector.c 
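Review bot: scheduler_create loses the comment `/* Note: the root of the heap is at index 1 */`, which was the only explanation for the `heap_size + 1` in the calloc() call that follows. I would keep that comment directly above the `this->heap = ...` line, because an off-by-one in the heap indexing is easy to introduce once the convention is no longer written down. The calloc() result is also stored without a NULL check in the visible lines. Whether later code checks it cannot be seen from this hunk, and the function continues past its end.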
+++ b/src/libstrongswan/selectors/traffic_selector.c @@ -393,23 +393,15 @@ static bool equals(private_traffic_selector_t *this, private_traffic_selector_t switch (this->type) { case TS_IPV4_ADDR_RANGE: -<<<<<<< HEAD - if (memeq(this->from4, other->from4, sizeof(this->from4))) -======= if (memeq(this->from4, other->from4, sizeof(this->from4)) && memeq(this->to4, other->to4, sizeof(this->to4))) ->>>>>>> upstream/4.5.1 { return TRUE; } break; case TS_IPV6_ADDR_RANGE: -<<<<<<< HEAD - if (memeq(this->from6, other->from6, sizeof(this->from6))) -======= if (memeq(this->from6, other->from6, sizeof(this->from6)) && memeq(this->to6, other->to6, sizeof(this->to6))) ->>>>>>> upstream/4.5.1 { return TRUE; } diff --git a/src/libstrongswan/settings.c b/src/libstrongswan/settings.c index c16c6a1f1..8a2248b46 100644 --- a/src/libstrongswan/settings.c +++ b/src/libstrongswan/settings.c @@ -1,8 +1,5 @@ /* -<<<<<<< HEAD -======= * Copyright (C) 2010 Tobias Brunner ->>>>>>> upstream/4.5.1 * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -22,24 +19,23 @@ #include <stdarg.h> #include <stdio.h> #include <errno.h> -<<<<<<< HEAD -======= #include <limits.h> -#include <glob.h> #include <libgen.h> ->>>>>>> upstream/4.5.1 +#include <sys/types.h> +#include <sys/stat.h> +#include <unistd.h> + +#ifdef HAVE_GLOB_H +#include <glob.h> +#endif /* HAVE_GLOB_H */ #include "settings.h" #include "debug.h" #include "utils/linked_list.h" -<<<<<<< HEAD - -======= #include "threading/rwlock.h" #define MAX_INCLUSION_LEVEL 10 ->>>>>>> upstream/4.5.1 typedef struct private_settings_t private_settings_t; typedef struct section_t section_t; @@ -61,11 +57,6 @@ struct private_settings_t { section_t *top; /** -<<<<<<< HEAD - * allocated file text - */ - char *text; -======= * contents of loaded files and in-memory settings (char*) */ linked_list_t *contents; @@ -74,7 +65,6 @@ struct private_settings_t { * lock to safely access the settings */ rwlock_t *lock; ->>>>>>> upstream/4.5.1 }; /** 
@@ -115,8 +105,6 @@ struct kv_t { }; /** -<<<<<<< HEAD -======= * create a key/value pair */ static kv_t *kv_create(char *key, char *value) @@ -164,6 +152,17 @@ static void section_destroy(section_t *this) } /** + * Purge contents of a section + */ +static void section_purge(section_t *this) +{ + this->kv->destroy_function(this->kv, (void*)kv_destroy); + this->kv = linked_list_create(); + this->sections->destroy_function(this->sections, (void*)section_destroy); + this->sections = linked_list_create(); +} + +/** * callback to find a section by name */ static bool section_find(section_t *this, char *name) @@ -180,7 +179,6 @@ static bool kv_find(kv_t *this, char *key) } /** ->>>>>>> upstream/4.5.1 * Print a format key, but consume already processed arguments */ static bool print_key(char *buf, int len, char *start, char *key, va_list args) @@ -229,16 +227,6 @@ static bool print_key(char *buf, int len, char *start, char *key, va_list args) } /** -<<<<<<< HEAD - * find a section by a given key, using buffered key, reusable buffer - */ -static section_t *find_section_buffered(section_t *section, - char *start, char *key, va_list args, char *buf, int len) -{ - char *pos; - enumerator_t *enumerator; - section_t *current, *found = NULL; -======= * Find a section by a given key, using buffered key, reusable buffer. * If "ensure" is TRUE, the sections are created if they don't exist. */ @@ -248,7 +236,6 @@ static section_t *find_section_buffered(section_t *section, { char *pos; section_t *found = NULL; ->>>>>>> upstream/4.5.1 if (section == NULL) { 
@@ -264,21 +251,6 @@ static section_t *find_section_buffered(section_t *section, { return NULL; } -<<<<<<< HEAD - enumerator = section->sections->create_enumerator(section->sections); - while (enumerator->enumerate(enumerator, ¤t)) - { - if (streq(current->name, buf)) - { - found = current; - break; - } - } - enumerator->destroy(enumerator); - if (found && pos) - { - return find_section_buffered(found, start, pos, args, buf, len); -======= if (section->sections->find_first(section->sections, (linked_list_match_t)section_find, (void**)&found, buf) != SUCCESS) @@ -292,19 +264,11 @@ static section_t *find_section_buffered(section_t *section, if (found && pos) { return find_section_buffered(found, start, pos, args, buf, len, ensure); ->>>>>>> upstream/4.5.1 } return found; } /** -<<<<<<< HEAD - * find a section by a given key - */ -static section_t *find_section(section_t *section, char *key, va_list args) -{ - char buf[128], keybuf[512]; -======= * Find a section by a given key (thread-safe). */ static section_t *find_section(private_settings_t *this, section_t *section, @@ -312,27 +276,11 @@ static section_t *find_section(private_settings_t *this, section_t *section, { char buf[128], keybuf[512]; section_t *found; ->>>>>>> upstream/4.5.1 if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf)) { return NULL; } -<<<<<<< HEAD - return find_section_buffered(section, keybuf, keybuf, args, buf, sizeof(buf)); -} - -/** - * Find the string value for a key, using buffered key, reusable buffer - */ -static char *find_value_buffered(section_t *section, - char *start, char *key, va_list args, char *buf, int len) -{ - char *pos, *value = NULL; - enumerator_t *enumerator; - kv_t *kv; - section_t *current, *found = NULL; -======= this->lock->read_lock(this->lock); found = find_section_buffered(section, keybuf, keybuf, args, buf, sizeof(buf), FALSE); 
@@ -372,7 +320,6 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, char *pos; kv_t *kv = NULL; section_t *found = NULL; ->>>>>>> upstream/4.5.1 if (section == NULL) { @@ -389,22 +336,6 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, { return NULL; } -<<<<<<< HEAD - enumerator = section->sections->create_enumerator(section->sections); - while (enumerator->enumerate(enumerator, ¤t)) - { - if (streq(current->name, buf)) - { - found = current; - break; - } - } - enumerator->destroy(enumerator); - if (found) - { - return find_value_buffered(found, start, pos, args, buf, len); - } -======= if (section->sections->find_first(section->sections, (linked_list_match_t)section_find, (void**)&found, buf) != SUCCESS) @@ -418,7 +349,6 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, } return find_value_buffered(found, start, pos, args, buf, len, ensure); ->>>>>>> upstream/4.5.1 } else { @@ -426,28 +356,6 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, { return NULL; } -<<<<<<< HEAD - enumerator = section->kv->create_enumerator(section->kv); - while (enumerator->enumerate(enumerator, &kv)) - { - if (streq(kv->key, buf)) - { - value = kv->value; - break; - } - } - enumerator->destroy(enumerator); - } - return value; -} - -/** - * Find the string value for a key - */ -static char *find_value(section_t *section, char *key, va_list args) -{ - char buf[128], keybuf[512]; -======= if (section->kv->find_first(section->kv, (linked_list_match_t)kv_find, (void**)&kv, buf) != SUCCESS) { 
@@ -469,21 +377,11 @@ static char *find_value(private_settings_t *this, section_t *section, { char buf[128], keybuf[512], *value = NULL; kv_t *kv; ->>>>>>> upstream/4.5.1 if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf)) { return NULL; } -<<<<<<< HEAD - return find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf)); -} - -/** - * Implementation of settings_t.get. - */ -static char* get_str(private_settings_t *this, char *key, char *def, ...) -======= this->lock->read_lock(this->lock); kv = find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf), FALSE); @@ -532,17 +430,12 @@ static void set_value(private_settings_t *this, section_t *section, METHOD(settings_t, get_str, char*, private_settings_t *this, char *key, char *def, ...) ->>>>>>> upstream/4.5.1 { char *value; va_list args; va_start(args, def); -<<<<<<< HEAD - value = find_value(this->top, key, args); -======= value = find_value(this, this->top, key, args); ->>>>>>> upstream/4.5.1 va_end(args); if (value) { @@ -552,31 +445,6 @@ METHOD(settings_t, get_str, char*, } /** -<<<<<<< HEAD - * Implementation of settings_t.get_bool. - */ -static bool get_bool(private_settings_t *this, char *key, bool def, ...) -{ - char *value; - va_list args; - - va_start(args, def); - value = find_value(this->top, key, args); - va_end(args); - if (value) - { - if (strcaseeq(value, "true") || - strcaseeq(value, "enabled") || - strcaseeq(value, "yes") || - strcaseeq(value, "1")) - { - return TRUE; - } - else if (strcaseeq(value, "false") || - strcaseeq(value, "disabled") || - strcaseeq(value, "no") || - strcaseeq(value, "0")) -======= * Described in header */ inline bool settings_value_as_bool(char *value, bool def) @@ -594,7 +462,6 @@ inline bool settings_value_as_bool(char *value, bool def) strcaseeq(value, "no") || strcaseeq(value, "false") || strcaseeq(value, "disabled")) ->>>>>>> upstream/4.5.1 { return FALSE; } 
@@ -602,20 +469,6 @@ inline bool settings_value_as_bool(char *value, bool def) return def; } -<<<<<<< HEAD -/** - * Implementation of settings_t.get_int. - */ -static int get_int(private_settings_t *this, char *key, int def, ...) -{ - char *value; - int intval; - va_list args; - - va_start(args, def); - value = find_value(this->top, key, args); - va_end(args); -======= METHOD(settings_t, get_bool, bool, private_settings_t *this, char *key, bool def, ...) { @@ -634,7 +487,6 @@ METHOD(settings_t, get_bool, bool, inline int settings_value_as_int(char *value, int def) { int intval; ->>>>>>> upstream/4.5.1 if (value) { errno = 0; @@ -647,20 +499,6 @@ inline int settings_value_as_int(char *value, int def) return def; } -<<<<<<< HEAD -/** - * Implementation of settings_t.get_double. - */ -static double get_double(private_settings_t *this, char *key, double def, ...) -{ - char *value; - double dval; - va_list args; - - va_start(args, def); - value = find_value(this->top, key, args); - va_end(args); -======= METHOD(settings_t, get_int, int, private_settings_t *this, char *key, int def, ...) { @@ -679,7 +517,6 @@ METHOD(settings_t, get_int, int, inline double settings_value_as_double(char *value, double def) { double dval; ->>>>>>> upstream/4.5.1 if (value) { errno = 0; @@ -692,20 +529,6 @@ inline double settings_value_as_double(char *value, double def) return def; } -<<<<<<< HEAD -/** - * Implementation of settings_t.get_time. - */ -static u_int32_t get_time(private_settings_t *this, char *key, u_int32_t def, ...) -{ - char *value, *endptr; - u_int32_t timeval; - va_list args; - - va_start(args, def); - value = find_value(this->top, key, args); - va_end(args); -======= METHOD(settings_t, get_double, double, private_settings_t *this, char *key, double def, ...) { @@ -725,7 +548,6 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def) { char *endptr; u_int32_t timeval; ->>>>>>> upstream/4.5.1 if (value) { errno = 0; 
@@ -744,11 +566,7 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def) timeval *= 60; break; case 's': /* time in seconds */ -<<<<<<< HEAD - default: -======= default: ->>>>>>> upstream/4.5.1 break; } return timeval; @@ -757,8 +575,6 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def) return def; } -<<<<<<< HEAD -======= METHOD(settings_t, get_time, u_int32_t, private_settings_t *this, char *key, u_int32_t def, ...) { @@ -828,7 +644,6 @@ METHOD(settings_t, set_time, void, va_end(args); } ->>>>>>> upstream/4.5.1 /** * Enumerate section names, not sections */ @@ -838,42 +653,24 @@ static bool section_filter(void *null, section_t **in, char **out) return TRUE; } -<<<<<<< HEAD -/** - * Implementation of settings_t.create_section_enumerator - */ -static enumerator_t* create_section_enumerator(private_settings_t *this, - char *key, ...) -======= METHOD(settings_t, create_section_enumerator, enumerator_t*, private_settings_t *this, char *key, ...) ->>>>>>> upstream/4.5.1 { section_t *section; va_list args; va_start(args, key); -<<<<<<< HEAD - section = find_section(this->top, key, args); -======= section = find_section(this, this->top, key, args); ->>>>>>> upstream/4.5.1 va_end(args); if (!section) { return enumerator_create_empty(); } -<<<<<<< HEAD - return enumerator_create_filter( - section->sections->create_enumerator(section->sections), - (void*)section_filter, NULL, NULL); -======= this->lock->read_lock(this->lock); return enumerator_create_filter( section->sections->create_enumerator(section->sections), (void*)section_filter, this->lock, (void*)this->lock->unlock); ->>>>>>> upstream/4.5.1 } /** 
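Review bot: In create_section_enumerator the pointer returned by find_section() is used only after `this->lock->read_lock(this->lock)` is taken a second time, so there appears to be a window with no lock held between the lookup and the enumerator creation (assuming find_section releases its read lock before returning, which is outside this hunk). With section_purge() now destroying subsections under the write lock when load_files is called with merge FALSE, a reload landing in that window would leave `section` dangling. Holding one read lock across both steps, for example by calling find_section_buffered() directly under the lock, would close the gap. create_key_value_enumerator has the same shape, and load_files_section passes a section pointer obtained before load_files_internal takes the write lock.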
@@ -887,53 +684,24 @@ static bool kv_filter(void *null, kv_t **in, char **key, return TRUE; } -<<<<<<< HEAD -/** - * Implementation of settings_t.create_key_value_enumerator - */ -static enumerator_t* create_key_value_enumerator(private_settings_t *this, - char *key, ...) -======= METHOD(settings_t, create_key_value_enumerator, enumerator_t*, private_settings_t *this, char *key, ...) ->>>>>>> upstream/4.5.1 { section_t *section; va_list args; va_start(args, key); -<<<<<<< HEAD - section = find_section(this->top, key, args); -======= section = find_section(this, this->top, key, args); ->>>>>>> upstream/4.5.1 va_end(args); if (!section) { return enumerator_create_empty(); } -<<<<<<< HEAD - return enumerator_create_filter( - section->kv->create_enumerator(section->kv), - (void*)kv_filter, NULL, NULL); -} - -/** - * destroy a section - */ -static void section_destroy(section_t *this) -{ - this->kv->destroy_function(this->kv, free); - this->sections->destroy_function(this->sections, (void*)section_destroy); - - free(this); -======= this->lock->read_lock(this->lock); return enumerator_create_filter( section->kv->create_enumerator(section->kv), (void*)kv_filter, this->lock, (void*)this->lock->unlock); ->>>>>>> upstream/4.5.1 } /** @@ -1011,26 +779,6 @@ static char parse(char **text, char *skip, char *term, char *br, char **token) } /** -<<<<<<< HEAD - * Parse a section - */ -static section_t* parse_section(char **text, char *name) -{ - section_t *sub, *section; - bool finished = FALSE; - char *key, *value, *inner; - - static int lev = 0; - lev++; - - section = malloc_thing(section_t); - section->name = name; - section->sections = linked_list_create(); - section->kv = linked_list_create(); - - while (!finished) - { -======= * Check if "text" starts with "pattern". * Characters in "skip" are skipped first. If found, TRUE is returned and "text" * is modified to point to the character right after "pattern". 
@@ -1101,20 +849,11 @@ static bool parse_section(linked_list_t *contents, char *file, int level, } continue; } ->>>>>>> upstream/4.5.1 switch (parse(text, "\t\n ", "{=#", NULL, &key)) { case '{': if (parse(text, "\t ", "}", "{", &inner)) { -<<<<<<< HEAD - sub = parse_section(&inner, key); - if (sub) - { - section->sections->insert_last(section->sections, sub); - continue; - } -======= section_t *sub; if (!strlen(key)) { @@ -1144,19 +883,12 @@ static bool parse_section(linked_list_t *contents, char *file, int level, } DBG1(DBG_LIB, "parsing subsection '%s' failed", key); break; ->>>>>>> upstream/4.5.1 } DBG1(DBG_LIB, "matching '}' not found near %s", *text); break; case '=': if (parse(text, "\t ", "\n", NULL, &value)) { -<<<<<<< HEAD - kv_t *kv = malloc_thing(kv_t); - kv->key = key; - kv->value = value; - section->kv->insert_last(section->kv, kv); -======= kv_t *kv; if (!strlen(key)) { @@ -1175,7 +907,6 @@ static bool parse_section(linked_list_t *contents, char *file, int level, { /* replace with the most recently read value */ kv->value = value; } ->>>>>>> upstream/4.5.1 continue; } DBG1(DBG_LIB, "parsing value failed near %s", *text); 
@@ -1187,80 +918,6 @@ static bool parse_section(linked_list_t *contents, char *file, int level, finished = TRUE; continue; } -<<<<<<< HEAD - section_destroy(section); - return NULL; - } - return section; -} - -/** - * Implementation of settings_t.destroy - */ -static void destroy(private_settings_t *this) -{ - if (this->top) - { - section_destroy(this->top); - } - free(this->text); - free(this); -} - -/* - * see header file - */ -settings_t *settings_create(char *file) -{ - private_settings_t *this; - char *pos; - FILE *fd; - int len; - - this = malloc_thing(private_settings_t); - this->public.get_str = (char*(*)(settings_t*, char *key, char* def, ...))get_str; - this->public.get_int = (int(*)(settings_t*, char *key, int def, ...))get_int; - this->public.get_double = (double(*)(settings_t*, char *key, double def, ...))get_double; - this->public.get_time = (u_int32_t(*)(settings_t*, char *key, u_int32_t def, ...))get_time; - this->public.get_bool = (bool(*)(settings_t*, char *key, bool def, ...))get_bool; - this->public.create_section_enumerator = (enumerator_t*(*)(settings_t*,char *section, ...))create_section_enumerator; - this->public.create_key_value_enumerator = (enumerator_t*(*)(settings_t*, char *key, ...))create_key_value_enumerator; - this->public.destroy = (void(*)(settings_t*))destroy; - - this->top = NULL; - this->text = NULL; - - if (file == NULL) - { - file = STRONGSWAN_CONF; - } - fd = fopen(file, "r"); - if (fd == NULL) - { - DBG1(DBG_LIB, "'%s' does not exist or is not readable", file); - return &this->public; - } - fseek(fd, 0, SEEK_END); - len = ftell(fd); - rewind(fd); - this->text = malloc(len + 1); - this->text[len] = '\0'; - if (fread(this->text, 1, len, fd) != len) - { - free(this->text); - this->text = NULL; - return &this->public; - } - fclose(fd); - - pos = this->text; - this->top = parse_section(&pos, NULL); - if (this->top == NULL) - { - free(this->text); - this->text = NULL; - } -======= return FALSE; } return TRUE; 
@@ -1274,14 +931,30 @@ static bool parse_file(linked_list_t *contents, char *file, int level, { bool success; char *text, *pos; + struct stat st; FILE *fd; int len; DBG2(DBG_LIB, "loading config file '%s'", file); + if (stat(file, &st) == -1) + { + if (errno == ENOENT) + { + DBG2(DBG_LIB, "'%s' does not exist, ignored", file); + return TRUE; + } + DBG1(DBG_LIB, "failed to stat '%s': %s", file, strerror(errno)); + return FALSE; + } + else if (!S_ISREG(st.st_mode)) + { + DBG1(DBG_LIB, "'%s' is not a regular file", file); + return FALSE; + } fd = fopen(file, "r"); if (fd == NULL) { - DBG1(DBG_LIB, "'%s' does not exist or is not readable", file); + DBG1(DBG_LIB, "'%s' is not readable", file); return FALSE; } fseek(fd, 0, SEEK_END); @@ -1310,16 +983,15 @@ static bool parse_file(linked_list_t *contents, char *file, int level, } /** - * Load the files matching "pattern", which is resolved with glob(3). + * Load the files matching "pattern", which is resolved with glob(3), if + * available. * If the pattern is relative, the directory of "file" is used as base. */ static bool parse_files(linked_list_t *contents, char *file, int level, char *pattern, section_t *section) { bool success = TRUE; - int status; - glob_t buf; - char **expanded, pat[PATH_MAX]; + char pat[PATH_MAX]; if (level > MAX_INCLUSION_LEVEL) { 
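Review bot: parse_file checks the path with stat() and then opens it by name with fopen(), so the S_ISREG test and the read apply to whatever the path resolves to at two different moments. If the configuration directory is writable by a less-privileged account, the file could be replaced between the two calls and the regular-file check would no longer describe what is read. Checking the opened stream with fstat() on `fileno(fd)` ties the test to the object actually read, as sketched below. If the stat-first order exists to avoid blocking on a FIFO, that needs a non-blocking open instead and deserves a comment. The function starts before and continues after this hunk.

```c
	fd = fopen(file, "r");
	if (fd == NULL)
	{
		if (errno == ENOENT)
		{
			DBG2(DBG_LIB, "'%s' does not exist, ignored", file);
			return TRUE;
		}
		DBG1(DBG_LIB, "'%s' is not readable", file);
		return FALSE;
	}
	/* test the object that was opened, not the path name */
	if (fstat(fileno(fd), &st) == -1 || !S_ISREG(st.st_mode))
	{
		DBG1(DBG_LIB, "'%s' is not a regular file", file);
		fclose(fd);
		return FALSE;
	}
	/* … unchanged: fseek and the rest of parse_file … */
```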
@@ -1354,28 +1026,39 @@ static bool parse_files(linked_list_t *contents, char *file, int level, } free(dir); } - status = glob(pat, GLOB_ERR, NULL, &buf); - if (status == GLOB_NOMATCH) - { - DBG2(DBG_LIB, "no files found matching '%s', ignored", pat); - } - else if (status != 0) - { - DBG1(DBG_LIB, "expanding file pattern '%s' failed", pat); - success = FALSE; - } - else +#ifdef HAVE_GLOB_H { - for (expanded = buf.gl_pathv; *expanded != NULL; expanded++) + int status; + glob_t buf; + + status = glob(pat, GLOB_ERR, NULL, &buf); + if (status == GLOB_NOMATCH) + { + DBG2(DBG_LIB, "no files found matching '%s', ignored", pat); + } + else if (status != 0) + { + DBG1(DBG_LIB, "expanding file pattern '%s' failed", pat); + success = FALSE; + } + else { - success &= parse_file(contents, *expanded, level + 1, section); - if (!success) + char **expanded; + for (expanded = buf.gl_pathv; *expanded != NULL; expanded++) { - break; + success &= parse_file(contents, *expanded, level + 1, section); + if (!success) + { + break; + } } } + globfree(&buf); } - globfree(&buf); +#else /* HAVE_GLOB_H */ + /* if glob(3) is not available, try to load pattern directly */ + success = parse_file(contents, pat, level + 1, section); +#endif /* HAVE_GLOB_H */ return success; } @@ -1430,12 +1113,17 @@ static void section_extend(section_t *base, section_t *extension) * All files (even included ones) have to be loaded successfully. */ static bool load_files_internal(private_settings_t *this, section_t *parent, - char *pattern) + char *pattern, bool merge) { char *text; linked_list_t *contents = linked_list_create(); section_t *section = section_create(NULL); + if (pattern == NULL) + { + pattern = STRONGSWAN_CONF; + } + if (!parse_files(contents, NULL, 0, pattern, section)) { contents->destroy_function(contents, (void*)free); 
@@ -1444,6 +1132,10 @@ static bool load_files_internal(private_settings_t *this, section_t *parent, } this->lock->write_lock(this->lock); + if (!merge) + { + section_purge(parent); + } /* extend parent section */ section_extend(parent, section); /* move contents of loaded files to main store */ @@ -1459,13 +1151,13 @@ static bool load_files_internal(private_settings_t *this, section_t *parent, } METHOD(settings_t, load_files, bool, - private_settings_t *this, char *pattern) + private_settings_t *this, char *pattern, bool merge) { - return load_files_internal(this, this->top, pattern); + return load_files_internal(this, this->top, pattern, merge); } METHOD(settings_t, load_files_section, bool, - private_settings_t *this, char *pattern, char *key, ...) + private_settings_t *this, char *pattern, bool merge, char *key, ...) { section_t *section; va_list args; @@ -1478,7 +1170,7 @@ METHOD(settings_t, load_files_section, bool, { return FALSE; } - return load_files_internal(this, section, pattern); + return load_files_internal(this, section, pattern, merge); } METHOD(settings_t, destroy, void, @@ -1520,14 +1212,8 @@ settings_t *settings_create(char *file) .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), ); - if (file == NULL) - { - file = STRONGSWAN_CONF; - } - - load_files(this, file); + load_files(this, file, FALSE); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libstrongswan/settings.h b/src/libstrongswan/settings.h index 9da217630..9ccd02327 100644 --- a/src/libstrongswan/settings.h +++ b/src/libstrongswan/settings.h @@ -1,8 +1,5 @@ /* -<<<<<<< HEAD -======= * Copyright (C) 2010 Tobias Brunner ->>>>>>> upstream/4.5.1 * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * 
@@ -31,16 +28,6 @@ typedef struct settings_t settings_t; #include "utils/enumerator.h" /** -<<<<<<< HEAD - * Generic configuration options read from a config file. - * - * The syntax is quite simple: - * - * settings := (section|keyvalue)* - * section := name { settings } - * keyvalue := key = value\n - * -======= * Convert a string value returned by a key/value enumerator to a boolean. * * @see settings_t.create_key_value_enumerator() @@ -89,7 +76,6 @@ u_int32_t settings_value_as_time(char *value, u_int32_t def); * section := name { settings } * keyvalue := key = value\n * @endcode ->>>>>>> upstream/4.5.1 * E.g.: * @code a = b @@ -109,8 +95,6 @@ u_int32_t settings_value_as_time(char *value, u_int32_t def); * * Currently only a limited set of printf format specifiers are supported * (namely %s, %d and %N, see implementation for details). -<<<<<<< HEAD -======= * * \section includes Including other files * Other files can be included, using the include statement e.g. @@ -156,7 +140,6 @@ u_int32_t settings_value_as_time(char *value, u_int32_t def); section-two { } @endcode ->>>>>>> upstream/4.5.1 */ struct settings_t { @@ -211,8 +194,6 @@ struct settings_t { u_int32_t (*get_time)(settings_t *this, char *key, u_int32_t def, ...); /** -<<<<<<< HEAD -======= * Set a string value. * * @param key key including sections, printf style format @@ -258,7 +239,6 @@ struct settings_t { void (*set_time)(settings_t *this, char *key, u_int32_t value, ...); /** ->>>>>>> upstream/4.5.1 * Create an enumerator over subsection names of a section. * * @param section section including parents, printf style format 
@@ -272,37 +252,34 @@ struct settings_t { * Create an enumerator over key/value pairs in a section. * * @param section section name to list key/value pairs of, printf style -<<<<<<< HEAD - * @param ... argmuent list for section -======= * @param ... argument list for section ->>>>>>> upstream/4.5.1 * @return enumerator over (char *key, char *value) */ enumerator_t* (*create_key_value_enumerator)(settings_t *this, char *section, ...); /** -<<<<<<< HEAD -======= * Load settings from the files matching the given pattern. * - * Existing sections are extended, existing values replaced, by those found - * in the loaded files. + * If merge is TRUE, existing sections are extended, existing values + * replaced, by those found in the loaded files. If it is FALSE, existing + * sections are purged before reading the new config. * * @note If any of the files matching the pattern fails to load, no settings * are added at all. So, it's all or nothing. * * @param pattern file pattern + * @param merge TRUE to merge config with existing values * @return TRUE, if settings were loaded successfully */ - bool (*load_files)(settings_t *this, char *pattern); + bool (*load_files)(settings_t *this, char *pattern, bool merge); /** * Load settings from the files matching the given pattern. * - * Existing sections are extended, existing values replaced, by those found - * in the loaded files. + * If merge is TRUE, existing sections are extended, existing values + * replaced, by those found in the loaded files. If it is FALSE, existing + * sections are purged before reading the new config. * * All settings are loaded relative to the given section. The section is * created, if it does not yet exist. 
@@ -311,15 +288,15 @@ struct settings_t { * are added at all. So, it's all or nothing. * * @param pattern file pattern + * @param merge TRUE to merge config with existing values * @param section section name of parent section, printf style * @param ... argument list for section * @return TRUE, if settings were loaded successfully */ - bool (*load_files_section)(settings_t *this, char *pattern, + bool (*load_files_section)(settings_t *this, char *pattern, bool merge, char *section, ...); /** ->>>>>>> upstream/4.5.1 * Destroy a settings instance. */ void (*destroy)(settings_t *this); diff --git a/src/libstrongswan/threading/thread.c b/src/libstrongswan/threading/thread.c index 3751bb749..fcc0019d8 100644 --- a/src/libstrongswan/threading/thread.c +++ b/src/libstrongswan/threading/thread.c @@ -205,6 +205,7 @@ static void *join(private_thread_t *this) { pthread_t thread_id; void *val; + this->mutex->lock(this->mutex); if (pthread_equal(this->thread_id, pthread_self())) { @@ -231,6 +232,7 @@ static void *join(private_thread_t *this) this->mutex->unlock(this->mutex); } pthread_join(thread_id, &val); + return val; } @@ -240,6 +242,7 @@ static void *join(private_thread_t *this) static private_thread_t *thread_create_internal() { private_thread_t *this = malloc_thing(private_thread_t); + this->public.cancel = (void(*)(thread_t*))cancel; this->public.kill = (void(*)(thread_t*,int))_kill; this->public.detach = (void(*)(thread_t*))detach; @@ -281,11 +284,13 @@ static void thread_cleanup(private_thread_t *this) static void *thread_main(private_thread_t *this) { void *res; + sem_wait(&this->created); current_thread->set(current_thread, this); pthread_cleanup_push((thread_cleanup_t)thread_cleanup, this); res = this->main(this->arg); pthread_cleanup_pop(TRUE); + return res; } 
@@ -295,6 +300,7 @@ static void *thread_main(private_thread_t *this) thread_t *thread_create(thread_main_t main, void *arg) { private_thread_t *this = thread_create_internal(); + this->main = main; this->arg = arg; if (pthread_create(&this->thread_id, NULL, (void*)thread_main, this) != 0) @@ -308,6 +314,7 @@ thread_t *thread_create(thread_main_t main, void *arg) this->id = next_id++; id_mutex->unlock(id_mutex); sem_post(&this->created); + return &this->public; } @@ -325,7 +332,8 @@ thread_t *thread_current() u_int thread_current_id() { private_thread_t *this = (private_thread_t*)thread_current(); - return this->id; + + return this ? this->id : 0; } /** @@ -335,6 +343,7 @@ void thread_cleanup_push(thread_cleanup_t cleanup, void *arg) { private_thread_t *this = (private_thread_t*)thread_current(); cleanup_handler_t *handler; + this->mutex->lock(this->mutex); handler = malloc_thing(cleanup_handler_t); handler->cleanup = cleanup; @@ -350,6 +359,7 @@ void thread_cleanup_pop(bool execute) { private_thread_t *this = (private_thread_t*)thread_current(); cleanup_handler_t *handler; + this->mutex->lock(this->mutex); if (this->cleanup_handlers->remove_last(this->cleanup_handlers, (void**)&handler) != SUCCESS) @@ -374,14 +384,18 @@ bool thread_cancelability(bool enable) { #ifdef HAVE_PTHREAD_CANCEL int old; + pthread_setcancelstate(enable ? PTHREAD_CANCEL_ENABLE : PTHREAD_CANCEL_DISABLE, &old); + return old == PTHREAD_CANCEL_ENABLE; #else sigset_t new, old; + sigemptyset(&new); sigaddset(&new, SIG_CANCEL); pthread_sigmask(enable ? SIG_UNBLOCK : SIG_BLOCK, &new, &old); + return sigismember(&old, SIG_CANCEL) == 0; #endif /* HAVE_PTHREAD_CANCEL */ } @@ -392,6 +406,7 @@ bool thread_cancelability(bool enable) void thread_cancellation_point() { bool old = thread_cancelability(TRUE); + #ifdef HAVE_PTHREAD_CANCEL pthread_testcancel(); #endif /* HAVE_PTHREAD_CANCEL */ 
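Review bot: `thread_current_id()` now returns 0 when `thread_current()` yields NULL, but 0 is also the id that `threads_init()` gives the main thread (`main_thread->id = 0;` in a later hunk), so a caller can no longer tell an unregistered thread from the main one. If that is intended, state it in the function comment, e.g. `/* threads unknown to this library report id 0, like the main thread */`. `thread_cleanup_push()` and `thread_cleanup_pop()` in the next two hunks still call `this->mutex->lock(this->mutex)` on the result of `thread_current()` without the same NULL check; whether they can be reached from such a thread is not visible here.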
@@ -412,6 +427,7 @@ void thread_exit(void *val) void threads_init() { private_thread_t *main_thread = thread_create_internal(); + main_thread->id = 0; main_thread->thread_id = pthread_self(); current_thread = thread_value_create(NULL); @@ -434,6 +450,7 @@ void threads_init() void threads_deinit() { private_thread_t *main_thread = (private_thread_t*)thread_current(); + main_thread->mutex->lock(main_thread->mutex); thread_destroy(main_thread); current_thread->destroy(current_thread); diff --git a/src/libstrongswan/utils.c b/src/libstrongswan/utils.c index 357858c9e..6ffb62aaf 100644 --- a/src/libstrongswan/utils.c +++ b/src/libstrongswan/utils.c @@ -102,6 +102,14 @@ void memxor(u_int8_t dst[], u_int8_t src[], size_t n) /** * Described in header. */ +void memwipe_noinline(void *ptr, size_t n) +{ + memwipe_inline(ptr, n); +} + +/** + * Described in header. + */ void *memstr(const void *haystack, const char *needle, size_t n) { unsigned const char *pos = haystack; @@ -247,8 +255,6 @@ bool return_false() } /** -<<<<<<< HEAD -======= * returns FAILED */ status_t return_failed() @@ -257,7 +263,6 @@ status_t return_failed() } /** ->>>>>>> upstream/4.5.1 * nop operation */ void nop() @@ -290,7 +295,7 @@ bool ref_put(refcount_t *ref) bool more_refs; pthread_mutex_lock(&ref_mutex); - more_refs = --(*ref); + more_refs = --(*ref) > 0; pthread_mutex_unlock(&ref_mutex); return !more_refs; } diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h index e07af53aa..a334954ae 100644 --- a/src/libstrongswan/utils.h +++ b/src/libstrongswan/utils.h @@ -57,11 +57,7 @@ #define streq(x,y) (strcmp(x, y) == 0) /** -<<<<<<< HEAD - * Macro compares two strings for equality -======= * Macro compares two strings for equality, length limited ->>>>>>> upstream/4.5.1 */ #define strneq(x,y,len) (strncmp(x, y, len) == 0) 
@@ -71,8 +67,6 @@ #define strcaseeq(x,y) (strcasecmp(x, y) == 0) /** -<<<<<<< HEAD -======= * Macro compares two strings for equality ignoring case, length limited */ #define strncaseeq(x,y,len) (strncasecmp(x, y, len) == 0) @@ -83,7 +77,6 @@ #define strdupnull(x) ({ char *_x = x; _x ? strdup(_x) : NULL; }) /** ->>>>>>> upstream/4.5.1 * Macro compares two binary blobs for equality */ #define memeq(x,y,len) (memcmp(x, y, len) == 0) @@ -344,6 +337,51 @@ void *clalloc(void *pointer, size_t size); void memxor(u_int8_t dest[], u_int8_t src[], size_t n); /** + * Safely overwrite n bytes of memory at ptr with zero, non-inlining variant. + */ +void memwipe_noinline(void *ptr, size_t n); + +/** + * Safely overwrite n bytes of memory at ptr with zero, inlining variant. + */ +static inline void memwipe_inline(void *ptr, size_t n) +{ + volatile char *c = (volatile char*)ptr; + int m, i; + + /* byte wise until long aligned */ + for (i = 0; (uintptr_t)&c % sizeof(long) && i < n; i++) + { + c[i] = 0; + } + /* word wize */ + for (m = n - sizeof(long); i <= m; i += sizeof(long)) + { + *(volatile long*)&c[i] = 0; + } + /* byte wise of the rest */ + for (; i < n; i++) + { + c[i] = 0; + } +} + +/** + * Safely overwrite n bytes of memory at ptr with zero, auto-inlining variant. + */ +static inline void memwipe(void *ptr, size_t n) +{ + if (__builtin_constant_p(n)) + { + memwipe_inline(ptr, n); + } + else + { + memwipe_noinline(ptr, n); + } +} + +/** * A variant of strstr with the characteristics of memchr, where haystack is not * a null-terminated string but simply a memory area of length n. */ @@ -399,14 +437,11 @@ bool return_true(); bool return_false(); /** -<<<<<<< HEAD -======= * returns FAILED */ status_t return_failed(); /** ->>>>>>> upstream/4.5.1 * Write a 16-bit host order value in network order to an unaligned address. * * @param host host order 16-bit value 
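Review bot: In `memwipe_inline` (hunk `@@ -344,6 +337,51 @@`) the alignment loop tests `(uintptr_t)&c % sizeof(long)`, which is the address of the local pointer variable `c` rather than of the byte being wiped, so the condition never changes with `i`. When that stack slot happens to be long-aligned the byte-wise prologue is skipped and the word loop stores through `*(volatile long*)&c[i]` at whatever alignment `ptr` has, which is a misaligned access for an odd `ptr`. The test should read `(uintptr_t)&c[i] % sizeof(long)`. `m` and `i` are `int` while `n` is `size_t`, so `i < n` compares signed with unsigned and `m = n - sizeof(long)` relies on the conversion yielding a negative value for short buffers; a `size_t i` with the word loop written as `i + sizeof(long) <= n` avoids both.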
diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c index 5f1318b9a..5744439f8 100644 --- a/src/libstrongswan/utils/backtrace.c +++ b/src/libstrongswan/utils/backtrace.c @@ -80,7 +80,7 @@ static void log_(private_backtrace_t *this, FILE *file, bool detailed) } if (info.dli_sname) { - fprintf(file, " \e[33m%s\e[0m @ %p (\e[31m%s\e[0m+0x%x) [%p]\n", + fprintf(file, " \e[33m%s\e[0m @ %p (\e[31m%s\e[0m+0x%tx) [%p]\n", info.dli_fname, info.dli_fbase, info.dli_sname, this->frames[i] - info.dli_saddr, this->frames[i]); } @@ -132,18 +132,11 @@ static void log_(private_backtrace_t *this, FILE *file, bool detailed) /** * Implementation of backtrace_t.contains_function */ -<<<<<<< HEAD -static bool contains_function(private_backtrace_t *this, char *function) -{ -#ifdef HAVE_DLADDR - int i; -======= static bool contains_function(private_backtrace_t *this, char *function[], int count) { #ifdef HAVE_DLADDR int i, j; ->>>>>>> upstream/4.5.1 for (i = 0; i< this->frame_count; i++) { @@ -151,18 +144,12 @@ static bool contains_function(private_backtrace_t *this, if (dladdr(this->frames[i], &info) && info.dli_sname) { -<<<<<<< HEAD - if (streq(info.dli_sname, function)) - { - return TRUE; -======= for (j = 0; j < count; j++) { if (streq(info.dli_sname, function[j])) { return TRUE; } ->>>>>>> upstream/4.5.1 } } } @@ -196,11 +183,7 @@ backtrace_t *backtrace_create(int skip) this->frame_count = frame_count; this->public.log = (void(*)(backtrace_t*,FILE*,bool))log_; -<<<<<<< HEAD - this->public.contains_function = (bool(*)(backtrace_t*, char *function))contains_function; -======= this->public.contains_function = (bool(*)(backtrace_t*, char *function[], int count))contains_function; ->>>>>>> upstream/4.5.1 this->public.destroy = (void(*)(backtrace_t*))destroy; return &this->public; diff --git a/src/libstrongswan/utils/backtrace.h b/src/libstrongswan/utils/backtrace.h index 712122afb..e8ccfc1bd 100644 --- a/src/libstrongswan/utils/backtrace.h 
+++ b/src/libstrongswan/utils/backtrace.h @@ -41,14 +41,6 @@ struct backtrace_t { void (*log)(backtrace_t *this, FILE *file, bool detailed); /** -<<<<<<< HEAD - * Check if the backtrace contains a frame in a specific function. - * - * @param function name - * @return TRUE if function is in the stack - */ - bool (*contains_function)(backtrace_t *this, char *function); -======= * Check if the backtrace contains a frame having a function in a list. * * @param function name array @@ -56,7 +48,6 @@ struct backtrace_t { * @return TRUE if one of the functions is in the stack */ bool (*contains_function)(backtrace_t *this, char *function[], int count); ->>>>>>> upstream/4.5.1 /** * Destroy a backtrace instance. diff --git a/src/libstrongswan/utils/hashtable.c b/src/libstrongswan/utils/hashtable.c index 9a0f92b3c..49b0bb68c 100644 --- a/src/libstrongswan/utils/hashtable.c +++ b/src/libstrongswan/utils/hashtable.c @@ -186,11 +186,7 @@ static void rehash(private_hashtable_t *this) linked_list_t **old_table; u_int row, old_capacity; -<<<<<<< HEAD - if (this->capacity < MAX_CAPACITY) -======= if (this->capacity >= MAX_CAPACITY) ->>>>>>> upstream/4.5.1 { return; } @@ -253,10 +249,7 @@ METHOD(hashtable_t, put, void*, { old_value = pair->value; pair->value = value; -<<<<<<< HEAD -======= pair->key = key; ->>>>>>> upstream/4.5.1 break; } } diff --git a/src/libstrongswan/utils/host.c b/src/libstrongswan/utils/host.c index 1fba6a587..615d85c95 100644 --- a/src/libstrongswan/utils/host.c +++ b/src/libstrongswan/utils/host.c @@ -476,13 +476,10 @@ host_t *host_create_from_dns(char *string, int af, u_int16_t port) { return host_create_any_port(af ? af : AF_INET6, port); } -<<<<<<< HEAD -======= if (af == AF_INET && strchr(string, ':')) { /* do not try to convert v6 addresses for v4 family */ return NULL; } ->>>>>>> upstream/4.5.1 memset(&hints, 0, sizeof(hints)); hints.ai_family = af; 
@@ -571,8 +568,6 @@ host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port) /* * Described in header. */ -<<<<<<< HEAD -======= host_t *host_create_from_subnet(char *string, int *bits) { char *pos, buf[64]; @@ -608,7 +603,6 @@ host_t *host_create_from_subnet(char *string, int *bits) /* * Described in header. */ ->>>>>>> upstream/4.5.1 host_t *host_create_any(int family) { private_host_t *this = host_create_empty(); @@ -631,5 +625,6 @@ host_t *host_create_any(int family) default: break; } + free(this); return NULL; } diff --git a/src/libstrongswan/utils/host.h b/src/libstrongswan/utils/host.h index b9cd81148..0a1be6e47 100644 --- a/src/libstrongswan/utils/host.h +++ b/src/libstrongswan/utils/host.h @@ -190,8 +190,6 @@ host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port); host_t *host_create_from_sockaddr(sockaddr_t *sockaddr); /** -<<<<<<< HEAD -======= * Create a host from a CIDR subnet definition (1.2.3.0/24), return bits. * * @param string string to parse @@ -201,7 +199,6 @@ host_t *host_create_from_sockaddr(sockaddr_t *sockaddr); host_t *host_create_from_subnet(char *string, int *bits); /** ->>>>>>> upstream/4.5.1 * Create a host without an address, a "any" host. * * @param family family of the any host diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index facf9f6de..252cfa28e 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c 
@@ -64,32 +64,34 @@ typedef struct { } x501rdn_t; static const x501rdn_t x501rdns[] = { - {"ND", OID_NAME_DISTINGUISHER, ASN1_PRINTABLESTRING}, - {"UID", OID_PILOT_USERID, ASN1_PRINTABLESTRING}, - {"DC", OID_PILOT_DOMAIN_COMPONENT, ASN1_PRINTABLESTRING}, - {"CN", OID_COMMON_NAME, ASN1_PRINTABLESTRING}, - {"S", OID_SURNAME, ASN1_PRINTABLESTRING}, - {"SN", OID_SERIAL_NUMBER, ASN1_PRINTABLESTRING}, - {"serialNumber", OID_SERIAL_NUMBER, ASN1_PRINTABLESTRING}, - {"C", OID_COUNTRY, ASN1_PRINTABLESTRING}, - {"L", OID_LOCALITY, ASN1_PRINTABLESTRING}, - {"ST", OID_STATE_OR_PROVINCE, ASN1_PRINTABLESTRING}, - {"O", OID_ORGANIZATION, ASN1_PRINTABLESTRING}, - {"OU", OID_ORGANIZATION_UNIT, ASN1_PRINTABLESTRING}, - {"T", OID_TITLE, ASN1_PRINTABLESTRING}, - {"D", OID_DESCRIPTION, ASN1_PRINTABLESTRING}, - {"N", OID_NAME, ASN1_PRINTABLESTRING}, - {"G", OID_GIVEN_NAME, ASN1_PRINTABLESTRING}, - {"I", OID_INITIALS, ASN1_PRINTABLESTRING}, - {"ID", OID_UNIQUE_IDENTIFIER, ASN1_PRINTABLESTRING}, - {"EN", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING}, - {"employeeNumber", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING}, - {"E", OID_EMAIL_ADDRESS, ASN1_IA5STRING}, - {"Email", OID_EMAIL_ADDRESS, ASN1_IA5STRING}, - {"emailAddress", OID_EMAIL_ADDRESS, ASN1_IA5STRING}, - {"UN", OID_UNSTRUCTURED_NAME, ASN1_IA5STRING}, - {"unstructuredName",OID_UNSTRUCTURED_NAME, ASN1_IA5STRING}, - {"TCGID", OID_TCGID, ASN1_PRINTABLESTRING} + {"ND", OID_NAME_DISTINGUISHER, ASN1_PRINTABLESTRING}, + {"UID", OID_PILOT_USERID, ASN1_PRINTABLESTRING}, + {"DC", OID_PILOT_DOMAIN_COMPONENT, ASN1_PRINTABLESTRING}, + {"CN", OID_COMMON_NAME, ASN1_PRINTABLESTRING}, + {"S", OID_SURNAME, ASN1_PRINTABLESTRING}, + {"SN", OID_SERIAL_NUMBER, ASN1_PRINTABLESTRING}, + {"serialNumber", OID_SERIAL_NUMBER, ASN1_PRINTABLESTRING}, + {"C", OID_COUNTRY, ASN1_PRINTABLESTRING}, + {"L", OID_LOCALITY, ASN1_PRINTABLESTRING}, + {"ST", OID_STATE_OR_PROVINCE, ASN1_PRINTABLESTRING}, + {"O", OID_ORGANIZATION, ASN1_PRINTABLESTRING}, + {"OU", 
OID_ORGANIZATION_UNIT, ASN1_PRINTABLESTRING}, + {"T", OID_TITLE, ASN1_PRINTABLESTRING}, + {"D", OID_DESCRIPTION, ASN1_PRINTABLESTRING}, + {"N", OID_NAME, ASN1_PRINTABLESTRING}, + {"G", OID_GIVEN_NAME, ASN1_PRINTABLESTRING}, + {"I", OID_INITIALS, ASN1_PRINTABLESTRING}, + {"ID", OID_UNIQUE_IDENTIFIER, ASN1_PRINTABLESTRING}, + {"EN", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING}, + {"employeeNumber", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING}, + {"E", OID_EMAIL_ADDRESS, ASN1_IA5STRING}, + {"Email", OID_EMAIL_ADDRESS, ASN1_IA5STRING}, + {"emailAddress", OID_EMAIL_ADDRESS, ASN1_IA5STRING}, + {"UN", OID_UNSTRUCTURED_NAME, ASN1_IA5STRING}, + {"unstructuredName", OID_UNSTRUCTURED_NAME, ASN1_IA5STRING}, + {"UA", OID_UNSTRUCTURED_ADDRESS, ASN1_PRINTABLESTRING}, + {"unstructuredAddress", OID_UNSTRUCTURED_ADDRESS, ASN1_PRINTABLESTRING}, + {"TCGID", OID_TCGID, ASN1_PRINTABLESTRING} }; /** @@ -281,20 +283,13 @@ static void dntoa(chunk_t dn, char *buf, size_t len) chunk_t oid_data, data, printable; u_char type; int oid, written; -<<<<<<< HEAD - bool finished = FALSE; -======= bool finished = FALSE, empty = TRUE; ->>>>>>> upstream/4.5.1 e = create_rdn_enumerator(dn); while (e->enumerate(e, &oid_data, &type, &data)) { -<<<<<<< HEAD -======= empty = FALSE; ->>>>>>> upstream/4.5.1 oid = asn1_known_oid(oid_data); if (oid == OID_UNKNOWN) @@ -338,15 +333,11 @@ static void dntoa(chunk_t dn, char *buf, size_t len) break; } } -<<<<<<< HEAD - if (!finished) -======= if (empty) { snprintf(buf, len, ""); } else if (!finished) ->>>>>>> upstream/4.5.1 { snprintf(buf, len, "(invalid ID_DER_ASN1_DN)"); } diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index ef2ea8e14..39505d3f3 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -165,6 +165,7 @@ char *whitelist[] = { "__gmtime_r", "localtime_r", "tzset", + "time_printf_hook", "inet_ntoa", "strerror", "getprotobyname", 
@@ -190,6 +191,7 @@ char *whitelist[] = { "dlopen", "dlerror", "dlclose", + "dlsym", /* mysql functions */ "mysql_init_character_set", "init_client_errs", @@ -218,27 +220,6 @@ char *whitelist[] = { "gcry_create_nonce", /* NSPR */ "PR_CallOnce", -<<<<<<< HEAD -}; - -/** - * check if a stack frame contains functions listed above - */ -static bool is_whitelisted(backtrace_t *backtrace) -{ - int i; - for (i = 0; i < sizeof(whitelist)/sizeof(char*); i++) - { - if (backtrace->contains_function(backtrace, whitelist[i])) - { - return TRUE; - } - } - return FALSE; -} - -/** -======= /* libapr */ "apr_pool_create_ex", /* glib */ @@ -256,7 +237,6 @@ static bool is_whitelisted(backtrace_t *backtrace) }; /** ->>>>>>> upstream/4.5.1 * Report leaks at library destruction */ static void report(private_leak_detective_t *this, bool detailed) @@ -268,12 +248,8 @@ static void report(private_leak_detective_t *this, bool detailed) for (hdr = first_header.next; hdr != NULL; hdr = hdr->next) { -<<<<<<< HEAD - if (is_whitelisted(hdr->backtrace)) -======= if (hdr->backtrace->contains_function(hdr->backtrace, whitelist, countof(whitelist))) ->>>>>>> upstream/4.5.1 { whitelisted++; } diff --git a/src/libstrongswan/utils/linked_list.c b/src/libstrongswan/utils/linked_list.c index 4aa8ea6ca..9b37359dc 100644 --- a/src/libstrongswan/utils/linked_list.c +++ b/src/libstrongswan/utils/linked_list.c @@ -289,6 +289,7 @@ static void insert_before(private_iterator_t * iterator, void *item) if (iterator->current == NULL) { iterator->list->public.insert_first(&(iterator->list->public), item); + return; } element_t *element = element_create(item); diff --git a/src/libstrongswan/utils/optionsfrom.c b/src/libstrongswan/utils/optionsfrom.c index fe3d37966..e51780290 100644 --- a/src/libstrongswan/utils/optionsfrom.c +++ b/src/libstrongswan/utils/optionsfrom.c 
@@ -61,16 +61,8 @@ struct private_options_t { char *buffers[MAX_USES]; }; -<<<<<<< HEAD -/** - * Defined in header - */ -bool from(private_options_t *this, char *filename, int *argcp, char **argvp[], - int optind) -======= METHOD(options_t, from, bool, private_options_t *this, char *filename, int *argcp, char **argvp[], int optind) ->>>>>>> upstream/4.5.1 { int newargc; int next; /* place for next argument */ @@ -187,15 +179,8 @@ METHOD(options_t, from, bool, return good; } -<<<<<<< HEAD -/** - * Defined in header - */ -void destroy(private_options_t *this) -======= METHOD(options_t, destroy, void, private_options_t *this) ->>>>>>> upstream/4.5.1 { while (this->nuses >= 0) { @@ -210,19 +195,6 @@ METHOD(options_t, destroy, void, */ options_t *options_create(void) { -<<<<<<< HEAD - private_options_t *this = malloc_thing(private_options_t); - - /* initialize */ - this->newargv = NULL; - this->room = 0; - this->nuses = -1; - memset(this->buffers, '\0', MAX_USES); - - /* public functions */ - this->public.from = (bool (*) (options_t*,char*,int*,char***,int))from; - this->public.destroy = (void (*) (options_t*))destroy; -======= private_options_t *this; INIT(this, @@ -233,7 +205,6 @@ options_t *options_create(void) }, .nuses = -1, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in index 8eeed98b3..5a1aa81c0 100644 --- a/src/libtls/Makefile.in +++ b/src/libtls/Makefile.in @@ -195,13 +195,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -222,6 +216,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -240,14 +236,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libtls/tls.c b/src/libtls/tls.c index 20141f235..ea527b122 100644 --- a/src/libtls/tls.c +++ b/src/libtls/tls.c @@ -73,7 +73,11 @@ ENUM_NEXT(tls_extension_names, TLS_EXT_SIGNATURE_ALGORITHMS, TLS_EXT_SIGNATURE_ALGORITHMS, TLS_EXT_EC_POINT_FORMATS, "signature algorithms"); -ENUM_END(tls_extension_names, TLS_EXT_SIGNATURE_ALGORITHMS); +ENUM_NEXT(tls_extension_names, + TLS_EXT_RENEGOTIATION_INFO, TLS_EXT_RENEGOTIATION_INFO, + TLS_EXT_SIGNATURE_ALGORITHMS, + "renegotiation info"); +ENUM_END(tls_extension_names, TLS_EXT_RENEGOTIATION_INFO); /** * TLS record @@ -433,6 +437,7 @@ tls_t *tls_create(bool is_server, identification_t *server, { case TLS_PURPOSE_EAP_TLS: case TLS_PURPOSE_EAP_TTLS: + case TLS_PURPOSE_EAP_PEAP: case TLS_PURPOSE_GENERIC: break; default: diff --git a/src/libtls/tls.h b/src/libtls/tls.h index f929f43fc..54b0621b5 100644 --- a/src/libtls/tls.h +++ b/src/libtls/tls.h @@ -96,6 +96,8 @@ enum tls_purpose_t { TLS_PURPOSE_EAP_TLS, /** outer authentication and protection in EAP-TTLS */ TLS_PURPOSE_EAP_TTLS, + /** outer authentication and protection in EAP-PEAP */ + TLS_PURPOSE_EAP_PEAP, /** non-EAP TLS */ TLS_PURPOSE_GENERIC, /** EAP binding for TNC */ 
@@ -124,6 +126,12 @@ enum tls_extension_t { TLS_EXT_EC_POINT_FORMATS = 11, /** list supported signature algorithms */ TLS_EXT_SIGNATURE_ALGORITHMS = 13, + /** cryptographic binding for RFC 5746 renegotiation indication */ + TLS_EXT_RENEGOTIATION_INFO = 65281, +}; + +enum tls_name_type_t { + TLS_NAME_TYPE_HOST_NAME = 0, }; /** @@ -202,11 +210,7 @@ struct tls_t { /** * Check if TLS negotiation completed successfully. * -<<<<<<< HEAD - * @return TRUE if TLS negotation and authentication complete -======= * @return TRUE if TLS negotiation and authentication complete ->>>>>>> upstream/4.5.1 */ bool (*is_complete)(tls_t *this); diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index 14eb270a2..b000f9d47 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -626,17 +626,6 @@ static void filter_suite(private_tls_crypto_t *this, suite_algs_t suites[], int *count, int offset, enumerator_t*(*create_enumerator)(crypto_factory_t*)) { -<<<<<<< HEAD - suite_algs_t current; - int i, remaining = 0; - enumerator_t *enumerator; - - memset(¤t, 0, sizeof(current)); - for (i = 0; i < *count; i++) - { - enumerator = create_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, ((char*)¤t) + offset)) -======= const char *plugin_name; suite_algs_t current; int *current_alg, i, remaining = 0; @@ -649,7 +638,6 @@ static void filter_suite(private_tls_crypto_t *this, { enumerator = create_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, current_alg, &plugin_name)) ->>>>>>> upstream/4.5.1 { if ((suites[i].encr == ENCR_NULL || !current.encr || current.encr == suites[i].encr) && 
@@ -1075,18 +1063,11 @@ METHOD(tls_crypto_t, get_signature_algorithms, void, enumerator_t *enumerator; hash_algorithm_t alg; tls_hash_algorithm_t hash; -<<<<<<< HEAD - - supported = tls_writer_create(32); - enumerator = lib->crypto->create_hasher_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &alg)) -======= const char *plugin_name; supported = tls_writer_create(32); enumerator = lib->crypto->create_hasher_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &alg, &plugin_name)) ->>>>>>> upstream/4.5.1 { switch (alg) { @@ -1678,6 +1659,7 @@ tls_crypto_t *tls_crypto_create(tls_t *tls) switch (tls->get_purpose(tls)) { case TLS_PURPOSE_EAP_TLS: + case TLS_PURPOSE_EAP_PEAP: /* MSK PRF ASCII constant label according to EAP-TLS RFC 5216 */ this->msk_label = "client EAP encryption"; build_cipher_suite_list(this, FALSE); diff --git a/src/libtls/tls_eap.c b/src/libtls/tls_eap.c index 2f3627485..685904fdf 100644 --- a/src/libtls/tls_eap.c +++ b/src/libtls/tls_eap.c @@ -1,3 +1,4 @@ + /* * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG @@ -41,6 +42,11 @@ struct private_tls_eap_t { eap_type_t type; /** + * Current value of EAP identifier + */ + u_int8_t identifier; + + /** * TLS stack */ tls_t *tls; @@ -51,6 +57,13 @@ struct private_tls_eap_t { bool is_server; /** + * If FALSE include the total length of an EAP message + * in the first fragment of fragmented messages only. + * If TRUE also include the length in non-fragmented messages. + */ + bool include_length; + + /** * First fragment of a multi-fragment record? */ bool first_fragment; 
@@ -75,14 +88,15 @@ struct private_tls_eap_t { * Flags of an EAP-TLS/TTLS/TNC message */ typedef enum { - EAP_TLS_LENGTH = (1<<7), /* shared with EAP-TTLS/TNC */ - EAP_TLS_MORE_FRAGS = (1<<6), /* shared with EAP-TTLS/TNC */ - EAP_TLS_START = (1<<5), /* shared with EAP-TTLS/TNC */ - EAP_TTLS_VERSION = (0x07), /* shared with EAP-TNC */ + EAP_TLS_LENGTH = (1<<7), /* shared with EAP-TTLS/TNC/PEAP */ + EAP_TLS_MORE_FRAGS = (1<<6), /* shared with EAP-TTLS/TNC/PEAP */ + EAP_TLS_START = (1<<5), /* shared with EAP-TTLS/TNC/PEAP */ + EAP_TTLS_VERSION = (0x07), /* shared with EAP-TNC/PEAP */ } eap_tls_flags_t; #define EAP_TTLS_SUPPORTED_VERSION 0 #define EAP_TNC_SUPPORTED_VERSION 1 +#define EAP_PEAP_SUPPORTED_VERSION 0 /** * EAP-TLS/TTLS packet format @@ -113,18 +127,19 @@ METHOD(tls_eap_t, initiate, status_t, case EAP_TNC: pkt.flags |= EAP_TNC_SUPPORTED_VERSION; break; + case EAP_PEAP: + pkt.flags |= EAP_PEAP_SUPPORTED_VERSION; + break; default: break; } htoun16(&pkt.length, sizeof(eap_tls_packet_t)); - do - { /* start with non-zero random identifier */ - pkt.identifier = random(); - } - while (!pkt.identifier); + pkt.identifier = this->identifier; - DBG2(DBG_IKE, "sending %N start packet", eap_type_names, this->type); *out = chunk_clone(chunk_from_thing(pkt)); + DBG2(DBG_TLS, "sending %N start packet (%u bytes)", + eap_type_names, this->type, sizeof(eap_tls_packet_t)); + DBG3(DBG_TLS, "%B", out); return NEED_MORE; } return FAILED; @@ -163,8 +178,7 @@ static status_t process_pkt(private_tls_eap_t *this, eap_tls_packet_t *pkt) /** * Build a packet to send */ -static status_t build_pkt(private_tls_eap_t *this, - u_int8_t identifier, chunk_t *out) +static status_t build_pkt(private_tls_eap_t *this, chunk_t *out) { char buf[this->frag_size]; eap_tls_packet_t *pkt; 
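Review bot: The new `DBG2` call in `initiate` (hunk `@@ -113,18 +127,19 @@`) passes `sizeof(eap_tls_packet_t)`, a `size_t`, to a `%u` conversion, so on LP64 targets the argument is wider than the conversion expects. Cast it, `(u_int)sizeof(eap_tls_packet_t)`, or use a size_t conversion if the project's printf hooks support one (not visible here). `initiate` starts outside the hunk.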
@@ -172,9 +186,13 @@ static status_t build_pkt(private_tls_eap_t *this, status_t status; char *kind; + if (this->is_server) + { + this->identifier++; + } pkt = (eap_tls_packet_t*)buf; pkt->code = this->is_server ? EAP_REQUEST : EAP_RESPONSE; - pkt->identifier = this->is_server ? identifier + 1 : identifier; + pkt->identifier = this->identifier; pkt->type = this->type; pkt->flags = 0; @@ -186,13 +204,15 @@ static status_t build_pkt(private_tls_eap_t *this, case EAP_TNC: pkt->flags |= EAP_TNC_SUPPORTED_VERSION; break; + case EAP_PEAP: + pkt->flags |= EAP_PEAP_SUPPORTED_VERSION; + break; default: break; } if (this->first_fragment) { - pkt->flags |= EAP_TLS_LENGTH; len = sizeof(buf) - sizeof(eap_tls_packet_t) - sizeof(u_int32_t); status = this->tls->build(this->tls, buf + sizeof(eap_tls_packet_t) + sizeof(u_int32_t), &len, &reclen); @@ -210,13 +230,21 @@ static status_t build_pkt(private_tls_eap_t *this, kind = "further fragment"; if (this->first_fragment) { + pkt->flags |= EAP_TLS_LENGTH; this->first_fragment = FALSE; kind = "first fragment"; } break; case ALREADY_DONE: - kind = "packet"; - if (!this->first_fragment) + if (this->first_fragment) + { + if (this->include_length) + { + pkt->flags |= EAP_TLS_LENGTH; + } + kind = "packet"; + } + else { this->first_fragment = TRUE; kind = "final fragment"; 
@@ -225,39 +253,58 @@ static status_t build_pkt(private_tls_eap_t *this, default: return status; } - DBG2(DBG_TLS, "sending %N %s (%u bytes)", - eap_type_names, this->type, kind, len); if (reclen) { - htoun32(pkt + 1, reclen); - len += sizeof(u_int32_t); - pkt->flags |= EAP_TLS_LENGTH; + if (pkt->flags & EAP_TLS_LENGTH) + { + htoun32(pkt + 1, reclen); + len += sizeof(u_int32_t); + pkt->flags |= EAP_TLS_LENGTH; + } + else + { + /* get rid of the reserved length field */ + memcpy(buf+sizeof(eap_packet_t), + buf+sizeof(eap_packet_t)+sizeof(u_int32_t), len); + } } len += sizeof(eap_tls_packet_t); htoun16(&pkt->length, len); *out = chunk_clone(chunk_create(buf, len)); + DBG2(DBG_TLS, "sending %N %s (%u bytes)", + eap_type_names, this->type, kind, len); + DBG3(DBG_TLS, "%B", out); return NEED_MORE; } /** * Send an ack to request next fragment */ -static chunk_t create_ack(private_tls_eap_t *this, u_int8_t identifier) +static chunk_t create_ack(private_tls_eap_t *this) { eap_tls_packet_t pkt = { .code = this->is_server ? EAP_REQUEST : EAP_RESPONSE, - .identifier = this->is_server ? identifier + 1 : identifier, .type = this->type, }; + + if (this->is_server) + { + this->identifier++; + } + pkt.identifier = this->identifier; htoun16(&pkt.length, sizeof(pkt)); + switch (this->type) { case EAP_TTLS: pkt.flags |= EAP_TTLS_SUPPORTED_VERSION; - break; + break; case EAP_TNC: pkt.flags |= EAP_TNC_SUPPORTED_VERSION; break; + case EAP_PEAP: + pkt.flags |= EAP_PEAP_SUPPORTED_VERSION; + break; default: break; } 
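Review bot: The else branch in `build_pkt` that drops the reserved length field copies with `memcpy` between two ranges of the same `buf` that are only `sizeof(u_int32_t)` apart, so source and destination overlap whenever `len` exceeds four bytes, which is undefined behaviour for `memcpy`. Use `memmove(buf + sizeof(eap_tls_packet_t), buf + sizeof(eap_tls_packet_t) + sizeof(u_int32_t), len);` instead. The offsets are written with `sizeof(eap_packet_t)` while the rest of the function uses `sizeof(eap_tls_packet_t)`; `eap_packet_t` is not defined on this page, so whether the two sizes agree needs confirming, and using the same type throughout removes the question. The `pkt->flags |= EAP_TLS_LENGTH;` inside the `if (pkt->flags & EAP_TLS_LENGTH)` branch is redundant. `build_pkt` begins in an earlier hunk.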
@@ -274,23 +321,30 @@ METHOD(tls_eap_t, process, status_t, if (++this->processed > this->max_msg_count) { - DBG1(DBG_IKE, "%N packet count exceeded (%d > %d)", + DBG1(DBG_TLS, "%N packet count exceeded (%d > %d)", eap_type_names, this->type, this->processed, this->max_msg_count); return FAILED; } pkt = (eap_tls_packet_t*)in.ptr; - if (in.len < sizeof(eap_tls_packet_t) || - untoh16(&pkt->length) != in.len) + if (in.len < sizeof(eap_tls_packet_t) || untoh16(&pkt->length) != in.len) { - DBG1(DBG_IKE, "invalid %N packet length", - eap_type_names, this->type); + DBG1(DBG_TLS, "invalid %N packet length", eap_type_names, this->type); return FAILED; } + + /* update EAP identifier */ + if (!this->is_server) + { + this->identifier = pkt->identifier; + } + DBG3(DBG_TLS, "%N payload %B", eap_type_names, this->type, &in); + if (pkt->flags & EAP_TLS_START) { - if (this->type == EAP_TTLS || this->type == EAP_TNC) + if (this->type == EAP_TTLS || this->type == EAP_TNC || + this->type == EAP_PEAP) { DBG1(DBG_TLS, "%N version is v%u", eap_type_names, this->type, pkt->flags & EAP_TTLS_VERSION); @@ -302,24 +356,14 @@ METHOD(tls_eap_t, process, status_t, { DBG2(DBG_TLS, "received %N acknowledgement packet", eap_type_names, this->type); - status = build_pkt(this, pkt->identifier, out); -<<<<<<< HEAD - if (status == INVALID_STATE && - this->tls->is_complete(this->tls)) -======= + status = build_pkt(this, out); if (status == INVALID_STATE && this->tls->is_complete(this->tls)) ->>>>>>> upstream/4.5.1 { return SUCCESS; } return status; } status = process_pkt(this, pkt); -<<<<<<< HEAD - if (status != NEED_MORE) - { - return status; -======= switch (status) { case NEED_MORE: 
@@ -328,19 +372,18 @@ METHOD(tls_eap_t, process, status_t, return this->tls->is_complete(this->tls) ? SUCCESS : FAILED; default: return status; ->>>>>>> upstream/4.5.1 } } - status = build_pkt(this, pkt->identifier, out); + status = build_pkt(this, out); switch (status) { case INVALID_STATE: - *out = create_ack(this, pkt->identifier); + *out = create_ack(this); return NEED_MORE; case FAILED: if (!this->is_server) { - *out = create_ack(this, pkt->identifier); + *out = create_ack(this); return NEED_MORE; } return FAILED; @@ -355,6 +398,18 @@ METHOD(tls_eap_t, get_msk, chunk_t, return this->tls->get_eap_msk(this->tls); } +METHOD(tls_eap_t, get_identifier, u_int8_t, + private_tls_eap_t *this) +{ + return this->identifier; +} + +METHOD(tls_eap_t, set_identifier, void, + private_tls_eap_t *this, u_int8_t identifier) +{ + this->identifier = identifier; +} + METHOD(tls_eap_t, destroy, void, private_tls_eap_t *this) { @@ -366,7 +421,7 @@ METHOD(tls_eap_t, destroy, void, * See header */ tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size, - int max_msg_count) + int max_msg_count, bool include_length) { private_tls_eap_t *this; @@ -380,6 +435,8 @@ tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size, .initiate = _initiate, .process = _process, .get_msk = _get_msk, + .get_identifier = _get_identifier, + .set_identifier = _set_identifier, .destroy = _destroy, }, .type = type, @@ -387,8 +444,18 @@ tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size, .first_fragment = TRUE, .frag_size = frag_size, .max_msg_count = max_msg_count, + .include_length = include_length, .tls = tls, ); + if (this->is_server) + { + do + { /* start with non-zero random identifier */ + this->identifier = random(); + } + while (!this->identifier); + } + return &this->public; } diff --git a/src/libtls/tls_eap.h b/src/libtls/tls_eap.h index ebda2636d..c7da832cb 100644 --- a/src/libtls/tls_eap.h +++ b/src/libtls/tls_eap.h 
@@ -62,6 +62,21 @@ struct tls_eap_t { chunk_t (*get_msk)(tls_eap_t *this); /** + * Get the current EAP identifier. + * + * @return identifier + */ + u_int8_t (*get_identifier)(tls_eap_t *this); + + /** + * Set the EAP identifier to a deterministic value, overwriting + * the randomly initialized default value. + * + * @param identifier EAP identifier + */ + void (*set_identifier) (tls_eap_t *this, u_int8_t identifier); + + /** * Destroy a tls_eap_t. */ void (*destroy)(tls_eap_t *this); @@ -74,8 +89,9 @@ struct tls_eap_t { * @param tls TLS implementation * @param frag_size maximum size of a TLS fragment we send * @param max_msg_count maximum number of processed messages + * @param include_length if TRUE include length in non-fragmented packets */ tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size, - int max_msg_count); + int max_msg_count, bool include_length); #endif /** TLS_EAP_H_ @}*/ diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c index c1fd33eea..621f1729d 100644 --- a/src/libtls/tls_peer.c +++ b/src/libtls/tls_peer.c @@ -502,8 +502,6 @@ static status_t process_certreq(private_tls_peer_t *this, tls_reader_t *reader) { DBG1(DBG_TLS, "server requested a certificate, but client " "authentication disabled"); - this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE); - return NEED_MORE; } this->crypto->append_handshake(this->crypto, TLS_CERTIFICATE_REQUEST, reader->peek(reader)); 
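Review bot: The doc comment on `set_identifier` speaks of "the randomly initialized default value", but in tls_eap.c (same commit) the random start value is assigned only when `is_server` is set, and in the client role `process()` replaces the stored identifier with the one from each received packet. The comment should state that limit, for example by adding ` * Only meaningful in the server role; a client adopts the identifier of each received packet.` The `get_identifier` comment could likewise say whether the value belongs to the last packet sent or the next one to be built, which the visible code does not settle.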
@@ -541,19 +539,22 @@ static status_t process_certreq(private_tls_peer_t *this, tls_reader_t *reader) authorities->destroy(authorities); return NEED_MORE; } - id = identification_create_from_encoding(ID_DER_ASN1_DN, data); - cert = lib->credmgr->get_cert(lib->credmgr, - CERT_X509, KEY_ANY, id, TRUE); - if (cert) - { - DBG1(DBG_TLS, "received TLS cert request for '%Y", id); - this->peer_auth->add(this->peer_auth, AUTH_RULE_CA_CERT, cert); - } - else + if (this->peer) { - DBG1(DBG_TLS, "received TLS cert request for unknown CA '%Y'", id); + id = identification_create_from_encoding(ID_DER_ASN1_DN, data); + cert = lib->credmgr->get_cert(lib->credmgr, + CERT_X509, KEY_ANY, id, TRUE); + if (cert) + { + DBG1(DBG_TLS, "received TLS cert request for '%Y", id); + this->peer_auth->add(this->peer_auth, AUTH_RULE_CA_CERT, cert); + } + else + { + DBG1(DBG_TLS, "received TLS cert request for unknown CA '%Y'", id); + } + id->destroy(id); } - id->destroy(id); } authorities->destroy(authorities); this->state = STATE_CERTREQ_RECEIVED; @@ -738,6 +739,20 @@ static status_t send_client_hello(private_tls_peer_t *this, extensions->write_uint8(extensions, 1); extensions->write_uint8(extensions, TLS_EC_POINT_UNCOMPRESSED); } + if (this->server->get_type(this->server) == ID_FQDN) + { + tls_writer_t *names; + + DBG2(DBG_TLS, "sending Server Name Indication for '%Y'", this->server); + + names = tls_writer_create(8); + names->write_uint8(names, TLS_NAME_TYPE_HOST_NAME); + names->write_data16(names, this->server->get_encoding(this->server)); + names->wrap16(names); + extensions->write_uint16(extensions, TLS_EXT_SERVER_NAME); + extensions->write_data16(extensions, names->get_buf(names)); + names->destroy(names); + } writer->write_data16(writer, extensions->get_buf(extensions)); extensions->destroy(extensions); 
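Review bot: The log string in the re-indented `if (cert)` branch of `process_certreq()` lacks its closing quote, `"received TLS cert request for '%Y"`, while the `else` branch prints `'%Y'`; it should read `DBG1(DBG_TLS, "received TLS cert request for '%Y'", id);`. The new `if (this->peer)` guard also deserves a one-line comment, e.g. `/* no client authentication: read the CA names but do not look them up */`, because the server-supplied authority list is still parsed in that case. The function and the enclosing loop begin before this hunk.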
@@ -802,39 +817,42 @@ static status_t send_certificate(private_tls_peer_t *this, this->private = find_private_key(this); if (!this->private) { - DBG1(DBG_TLS, "no TLS peer certificate found for '%Y'", this->peer); - this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR); - return NEED_MORE; + DBG1(DBG_TLS, "no TLS peer certificate found for '%Y', " + "skipping client authentication", this->peer); + this->peer = NULL; } /* generate certificate payload */ certs = tls_writer_create(256); - cert = this->peer_auth->get(this->peer_auth, AUTH_RULE_SUBJECT_CERT); - if (cert) - { - if (cert->get_encoding(cert, CERT_ASN1_DER, &data)) - { - DBG1(DBG_TLS, "sending TLS peer certificate '%Y'", - cert->get_subject(cert)); - certs->write_data24(certs, data); - free(data.ptr); - } - } - enumerator = this->peer_auth->create_enumerator(this->peer_auth); - while (enumerator->enumerate(enumerator, &rule, &cert)) + if (this->peer) { - if (rule == AUTH_RULE_IM_CERT) + cert = this->peer_auth->get(this->peer_auth, AUTH_RULE_SUBJECT_CERT); + if (cert) { if (cert->get_encoding(cert, CERT_ASN1_DER, &data)) { - DBG1(DBG_TLS, "sending TLS intermediate certificate '%Y'", + DBG1(DBG_TLS, "sending TLS peer certificate '%Y'", cert->get_subject(cert)); certs->write_data24(certs, data); free(data.ptr); } } + enumerator = this->peer_auth->create_enumerator(this->peer_auth); + while (enumerator->enumerate(enumerator, &rule, &cert)) + { + if (rule == AUTH_RULE_IM_CERT) + { + if (cert->get_encoding(cert, CERT_ASN1_DER, &data)) + { + DBG1(DBG_TLS, "sending TLS intermediate certificate '%Y'", + cert->get_subject(cert)); + certs->write_data24(certs, data); + free(data.ptr); + } + } + } + enumerator->destroy(enumerator); } - enumerator->destroy(enumerator); writer->write_data24(writer, certs->get_buf(certs)); certs->destroy(certs); diff --git a/src/libtls/tls_reader.c b/src/libtls/tls_reader.c index f13cdc931..2b3cd8cac 100644 --- a/src/libtls/tls_reader.c +++ b/src/libtls/tls_reader.c 
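Review bot: Assigning `this->peer = NULL` in `send_certificate()` when no private key is found turns the configured identity into a flag. As far as the hunk shows, the message above it is also printed with a NULL `this->peer` when client authentication was disabled from the start, a case the `process_certreq` hunk now lets continue. Two things need confirming outside this hunk: that nothing else owns or later reads the dropped pointer, and that no CertificateVerify is sent once the certificate list is empty. A comment on the assignment would record the convention, `/* peer == NULL from here on: continue without client authentication */`. The function comment should also state that a missing key downgrades to an unauthenticated client instead of failing the handshake, since that is a policy choice.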
@@ -52,13 +52,8 @@ METHOD(tls_reader_t, read_uint8, bool, { if (this->buf.len < 1) { -<<<<<<< HEAD - DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data", - this->buf.len, 8); -======= DBG1(DBG_TLS, "%d bytes insufficient to parse u_int8 data", this->buf.len); ->>>>>>> upstream/4.5.1 return FALSE; } *res = this->buf.ptr[0]; @@ -71,13 +66,8 @@ METHOD(tls_reader_t, read_uint16, bool, { if (this->buf.len < 2) { -<<<<<<< HEAD - DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data", - this->buf.len, 16); -======= DBG1(DBG_TLS, "%d bytes insufficient to parse u_int16 data", this->buf.len); ->>>>>>> upstream/4.5.1 return FALSE; } *res = untoh16(this->buf.ptr); @@ -90,13 +80,8 @@ METHOD(tls_reader_t, read_uint24, bool, { if (this->buf.len < 3) { -<<<<<<< HEAD - DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data", - this->buf.len, 24); -======= DBG1(DBG_TLS, "%d bytes insufficient to parse u_int24 data", this->buf.len); ->>>>>>> upstream/4.5.1 return FALSE; } *res = untoh32(this->buf.ptr) >> 8; @@ -109,13 +94,8 @@ METHOD(tls_reader_t, read_uint32, bool, { if (this->buf.len < 4) { -<<<<<<< HEAD - DBG1(DBG_TLS, "%d bytes insufficient to parse uint%d TLS data", - this->buf.len, 32); -======= DBG1(DBG_TLS, "%d bytes insufficient to parse u_int32 data", this->buf.len); ->>>>>>> upstream/4.5.1 return FALSE; } *res = untoh32(this->buf.ptr); @@ -128,11 +108,7 @@ METHOD(tls_reader_t, read_data, bool, { if (this->buf.len < len) { -<<<<<<< HEAD - DBG1(DBG_TLS, "%d bytes insufficient to parse %d bytes TLS data", -======= DBG1(DBG_TLS, "%d bytes insufficient to parse %d bytes of data", ->>>>>>> upstream/4.5.1 this->buf.len, len); return FALSE; } diff --git a/src/libtls/tls_writer.c b/src/libtls/tls_writer.c index d7382e3fd..57c60fdaf 100644 --- a/src/libtls/tls_writer.c +++ b/src/libtls/tls_writer.c 
@@ -143,7 +143,7 @@ METHOD(tls_writer_t, wrap8, void, { increase(this); } - memmove(this->buf.ptr + 1, this->buf.ptr, 1); + memmove(this->buf.ptr + 1, this->buf.ptr, this->used); this->buf.ptr[0] = this->used; this->used += 1; } @@ -155,7 +155,7 @@ METHOD(tls_writer_t, wrap16, void, { increase(this); } - memmove(this->buf.ptr + 2, this->buf.ptr, 2); + memmove(this->buf.ptr + 2, this->buf.ptr, this->used); htoun16(this->buf.ptr, this->used); this->used += 2; } @@ -169,7 +169,7 @@ METHOD(tls_writer_t, wrap24, void, { increase(this); } - memmove(this->buf.ptr + 3, this->buf.ptr, 3); + memmove(this->buf.ptr + 3, this->buf.ptr, this->used); len = htonl(this->used); memcpy(this->buf.ptr, ((char*)&len) + 1, 3); @@ -183,7 +183,7 @@ METHOD(tls_writer_t, wrap32, void, { increase(this); } - memmove(this->buf.ptr + 4, this->buf.ptr, 4); + memmove(this->buf.ptr + 4, this->buf.ptr, this->used); htoun32(this->buf.ptr, this->used); this->used += 4; } @@ -226,11 +226,7 @@ tls_writer_t *tls_writer_create(u_int32_t bufsize) .get_buf = _get_buf, .destroy = _destroy, }, -<<<<<<< HEAD - .increase = bufsize ?: 32, -======= .increase = bufsize ? max(bufsize, 4) : 32, ->>>>>>> upstream/4.5.1 ); if (bufsize) { diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in index f2def7d98..4b9c0ebae 100644 --- a/src/manager/Makefile.in +++ b/src/manager/Makefile.in @@ -236,13 +236,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -263,6 +257,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
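Review bot: `wrap8` stores `this->used` in a single byte (`this->buf.ptr[0] = this->used;`) without checking that the content fits the prefix, so more than 255 buffered bytes produce a length field that no longer matches the data behind it. `wrap16` and `wrap24` in the next hunks have the same limit at 2^16-1 and 2^24-1 bytes. With the corrected `memmove` the functions now work on buffers of any size, which makes that limit reachable. The methods return `void`, so the minimum is a documented precondition such as `/* caller must ensure used <= 255 */`, preferably backed by an assertion or a logged error. The condition guarding `increase(this)` is outside the hunk.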
@@ -281,14 +277,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in index cc8fc02af..99a8cc135 100644 --- a/src/medsrv/Makefile.in +++ b/src/medsrv/Makefile.in @@ -226,13 +226,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -253,6 +247,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -271,14 +267,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/openac/Makefile.in b/src/openac/Makefile.in index b551d6a7b..54544b665 100644 --- a/src/openac/Makefile.in +++ b/src/openac/Makefile.in 
@@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/openac/openac.c b/src/openac/openac.c index 5de8f5b7c..745988750 100755 --- a/src/openac/openac.c +++ b/src/openac/openac.c @@ -39,8 +39,8 @@ #include <credentials/sets/mem_cred.h> #include <utils/optionsfrom.h> -#define OPENAC_PATH IPSEC_CONFDIR "/openac" -#define OPENAC_SERIAL IPSEC_CONFDIR "/openac/serial" +#define OPENAC_PATH IPSEC_CONFDIR "/openac" +#define OPENAC_SERIAL IPSEC_CONFDIR "/openac/serial" #define DEFAULT_VALIDITY 24*3600 /* seconds */ @@ -133,7 +133,7 @@ static void write_serial(chunk_t serial) DBG1(DBG_LIB, " serial number is %#B", &serial); hex_serial = chunk_to_hex(serial, NULL, FALSE); - fprintf(fd, "%.*s\n", hex_serial.len, hex_serial.ptr); + fprintf(fd, "%.*s\n", (int)hex_serial.len, hex_serial.ptr); fclose(fd); free(hex_serial.ptr); } 
@@ -300,6 +300,7 @@ int main(int argc, char **argv) if (*optarg == '/') /* absolute pathname */ { strncpy(path, optarg, BUF_LEN); + path[BUF_LEN-1] = '\0'; } else /* relative pathname */ { @@ -326,7 +327,7 @@ int main(int argc, char **argv) continue; case 'p': /* --key */ - if (strlen(optarg) > BUF_LEN) + if (strlen(optarg) >= BUF_LEN) { usage("passphrase too long"); goto end; @@ -490,7 +491,8 @@ int main(int argc, char **argv) notAfter = (notAfter == UNDEFINED_TIME) ? time(NULL) + validity : notAfter; /* build and parse attribute certificate */ - if (userCert != NULL && signerCert != NULL && signerKey != NULL) + if (userCert != NULL && signerCert != NULL && signerKey != NULL && + outfile != NULL) { /* read the serial number and increment it by one */ serial = read_serial(); @@ -522,7 +524,7 @@ int main(int argc, char **argv) } else { - usage("some of the mandatory parameters --usercert --cert --key " + usage("some of the mandatory parameters --usercert --cert --key --out " "are missing"); } diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in index 701413f8f..b29174680 100644 --- a/src/pki/Makefile.in +++ b/src/pki/Makefile.in @@ -197,13 +197,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -224,6 +218,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
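Review bot: An absolute pathname longer than the buffer is silently cut by `strncpy(path, optarg, BUF_LEN)`; the added terminator removes the unterminated string, but the program then continues with a shortened path that can name a different file. Rejecting the argument before the copy is safer, `if (strlen(optarg) >= BUF_LEN) { usage("pathname too long"); goto end; }`, in line with the length check on the passphrase option in the next hunk. This assumes `path` holds `BUF_LEN` bytes, which is declared outside the hunk. The relative-pathname branch that follows is cut off here and may need the same treatment.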
@@ -242,14 +238,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/pki/command.c b/src/pki/command.c index 245b22af3..0142b4ab7 100644 --- a/src/pki/command.c +++ b/src/pki/command.c @@ -201,11 +201,7 @@ int command_usage(char *error) } for (i = 0; cmds[active].options[i].name; i++) { -<<<<<<< HEAD - fprintf(out, " --%-8s (-%c) %s\n", -======= fprintf(out, " --%-15s (-%c) %s\n", ->>>>>>> upstream/4.5.1 cmds[active].options[i].name, cmds[active].options[i].op, cmds[active].options[i].desc); } diff --git a/src/pki/command.h b/src/pki/command.h index 70a26f712..a6f8bc758 100644 --- a/src/pki/command.h +++ b/src/pki/command.h @@ -29,11 +29,7 @@ /** * Maximum number of options in a command (+1) */ -<<<<<<< HEAD -#define MAX_OPTIONS 20 -======= #define MAX_OPTIONS 32 ->>>>>>> upstream/4.5.1 /** * Maximum number of usage summary lines (+1) diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index c6fd50029..6a5686d92 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -18,18 +18,13 @@ #include "pki.h" #include <debug.h> -<<<<<<< HEAD -======= #include <asn1/asn1.h> ->>>>>>> upstream/4.5.1 #include <utils/linked_list.h> #include <credentials/certificates/certificate.h> #include <credentials/certificates/x509.h> #include <credentials/certificates/pkcs10.h> /** -<<<<<<< HEAD -======= * Free cert policy with OID */ static void destroy_cert_policy(x509_cert_policy_t *policy) 
@@ -58,7 +53,6 @@ static void destroy_cdp(x509_cdp_t *this) } /** ->>>>>>> upstream/4.5.1 * Issue a certificate using a CA certificate and key */ static int issue() @@ -72,38 +66,26 @@ static int issue() char *file = NULL, *dn = NULL, *hex = NULL, *cacert = NULL, *cakey = NULL; char *error = NULL, *keyid = NULL; identification_t *id = NULL; -<<<<<<< HEAD - linked_list_t *san, *cdps, *ocsp; - int lifetime = 1095; - int pathlen = X509_NO_PATH_LEN_CONSTRAINT; -======= linked_list_t *san, *cdps, *ocsp, *permitted, *excluded, *policies, *mappings; int lifetime = 1095; int pathlen = X509_NO_CONSTRAINT, inhibit_any = X509_NO_CONSTRAINT; int inhibit_mapping = X509_NO_CONSTRAINT, require_explicit = X509_NO_CONSTRAINT; ->>>>>>> upstream/4.5.1 chunk_t serial = chunk_empty; chunk_t encoding = chunk_empty; time_t not_before, not_after; x509_flag_t flags = 0; x509_t *x509; -<<<<<<< HEAD -======= x509_cdp_t *cdp = NULL; x509_cert_policy_t *policy = NULL; ->>>>>>> upstream/4.5.1 char *arg; san = linked_list_create(); cdps = linked_list_create(); ocsp = linked_list_create(); -<<<<<<< HEAD -======= permitted = linked_list_create(); excluded = linked_list_create(); policies = linked_list_create(); mappings = linked_list_create(); ->>>>>>> upstream/4.5.1 while (TRUE) { @@ -165,8 +147,6 @@ static int issue() case 'p': pathlen = atoi(arg); continue; -<<<<<<< HEAD -======= case 'n': permitted->insert_last(permitted, identification_create_from_string(arg)); @@ -240,7 +220,6 @@ static int issue() case 'A': inhibit_any = atoi(arg); continue; ->>>>>>> upstream/4.5.1 case 'e': if (streq(arg, "serverAuth")) { @@ -250,13 +229,10 @@ static int issue() { flags |= X509_CLIENT_AUTH; } -<<<<<<< HEAD -======= else if (streq(arg, "crlSign")) { flags |= X509_CRL_SIGN; } ->>>>>>> upstream/4.5.1 else if (streq(arg, "ocspSigning")) { flags |= X509_OCSP_SIGNER; 
@@ -265,13 +241,6 @@ static int issue() case 'f': if (!get_form(arg, &form, CRED_CERTIFICATE)) { -<<<<<<< HEAD - return command_usage("invalid output format"); - } - continue; - case 'u': - cdps->insert_last(cdps, arg); -======= error = "invalid output format"; goto usage; } @@ -289,7 +258,6 @@ static int issue() goto usage; } cdp->issuer = identification_create_from_string(arg); ->>>>>>> upstream/4.5.1 continue; case 'o': ocsp->insert_last(ocsp, arg); @@ -302,15 +270,6 @@ static int issue() } break; } -<<<<<<< HEAD - - if (!pkcs10 && !dn) - { - error = "--dn is required"; - goto usage; - } -======= ->>>>>>> upstream/4.5.1 if (!cacert) { error = "--cacert is required"; @@ -321,11 +280,7 @@ static int issue() error = "--cakey or --keyid is required"; goto usage; } -<<<<<<< HEAD - if (dn) -======= if (dn && *dn) ->>>>>>> upstream/4.5.1 { id = identification_create_from_string(dn); if (id->get_type(id) != ID_DER_ASN1_DN) @@ -470,15 +425,12 @@ static int issue() goto end; } -<<<<<<< HEAD -======= if (!id) { id = identification_create_from_encoding(ID_DER_ASN1_DN, chunk_from_chars(ASN1_SEQUENCE, 0)); } ->>>>>>> upstream/4.5.1 not_before = time(NULL); not_after = not_before + lifetime * 24 * 60 * 60; @@ -490,9 +442,6 @@ static int issue() BUILD_SUBJECT_ALTNAMES, san, BUILD_X509_FLAG, flags, BUILD_PATHLEN, pathlen, BUILD_CRL_DISTRIBUTION_POINTS, cdps, -<<<<<<< HEAD - BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_END); -======= BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_PERMITTED_NAME_CONSTRAINTS, permitted, BUILD_EXCLUDED_NAME_CONSTRAINTS, excluded, @@ -502,7 +451,6 @@ static int issue() BUILD_POLICY_INHIBIT_MAPPING, inhibit_mapping, BUILD_POLICY_INHIBIT_ANY, inhibit_any, BUILD_END); ->>>>>>> upstream/4.5.1 if (!cert) { error = "generating certificate failed"; 
@@ -527,15 +475,11 @@ end: DESTROY_IF(public); DESTROY_IF(private); san->destroy_offset(san, offsetof(identification_t, destroy)); -<<<<<<< HEAD - cdps->destroy(cdps); -======= permitted->destroy_offset(permitted, offsetof(identification_t, destroy)); excluded->destroy_offset(excluded, offsetof(identification_t, destroy)); policies->destroy_function(policies, (void*)destroy_cert_policy); mappings->destroy_function(mappings, (void*)destroy_policy_mapping); cdps->destroy_function(cdps, (void*)destroy_cdp); ->>>>>>> upstream/4.5.1 ocsp->destroy(ocsp); free(encoding.ptr); free(serial.ptr); @@ -549,15 +493,11 @@ end: usage: san->destroy_offset(san, offsetof(identification_t, destroy)); -<<<<<<< HEAD - cdps->destroy(cdps); -======= permitted->destroy_offset(permitted, offsetof(identification_t, destroy)); excluded->destroy_offset(excluded, offsetof(identification_t, destroy)); policies->destroy_function(policies, (void*)destroy_cert_policy); mappings->destroy_function(mappings, (void*)destroy_policy_mapping); cdps->destroy_function(cdps, (void*)destroy_cdp); ->>>>>>> upstream/4.5.1 ocsp->destroy(ocsp); return command_usage(error); } 
@@ -571,30 +511,6 @@ static void __attribute__ ((constructor))reg() issue, 'i', "issue", "issue a certificate using a CA certificate and key", {"[--in file] [--type pub|pkcs10] --cakey file | --cakeyid hex", -<<<<<<< HEAD - " --cacert file --dn subject-dn [--san subjectAltName]+", - "[--lifetime days] [--serial hex] [--crl uri]+ [--ocsp uri]+", - "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|ocspSigning]+", - "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, - { - {"help", 'h', 0, "show usage information"}, - {"in", 'i', 1, "public key/request file to issue, default: stdin"}, - {"type", 't', 1, "type of input, default: pub"}, - {"cacert", 'c', 1, "CA certificate file"}, - {"cakey", 'k', 1, "CA private key file"}, - {"cakeyid", 'x', 1, "keyid on smartcard of CA private key"}, - {"dn", 'd', 1, "distinguished name to include as subject"}, - {"san", 'a', 1, "subjectAltName to include in certificate"}, - {"lifetime",'l', 1, "days the certificate is valid, default: 1095"}, - {"serial", 's', 1, "serial number in hex, default: random"}, - {"ca", 'b', 0, "include CA basicConstraint, default: no"}, - {"pathlen", 'p', 1, "set path length constraint"}, - {"flag", 'e', 1, "include extendedKeyUsage flag"}, - {"crl", 'u', 1, "CRL distribution point URI to include"}, - {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, - {"digest", 'g', 1, "digest for signature creation, default: sha1"}, - {"outform", 'f', 1, "encoding of generated cert, default: der"}, -======= " --cacert file [--dn subject-dn] [--san subjectAltName]+", "[--lifetime days] [--serial hex] [--crl uri [--crlissuer i] ]+ [--ocsp uri]+", "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|crlSign|ocspSigning]+", 
@@ -631,7 +547,6 @@ static void __attribute__ ((constructor))reg() {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, {"digest", 'g', 1, "digest for signature creation, default: sha1"}, {"outform", 'f', 1, "encoding of generated cert, default: der"}, ->>>>>>> upstream/4.5.1 } }); } diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c index b2716f6a8..ee6f30c98 100644 --- a/src/pki/commands/print.c +++ b/src/pki/commands/print.c @@ -15,10 +15,7 @@ #include "pki.h" -<<<<<<< HEAD -======= #include <asn1/asn1.h> ->>>>>>> upstream/4.5.1 #include <credentials/certificates/certificate.h> #include <credentials/certificates/x509.h> #include <credentials/certificates/crl.h> @@ -76,16 +73,11 @@ static void print_x509(x509_t *x509) chunk_t chunk; bool first; char *uri; -<<<<<<< HEAD - int len; - x509_flag_t flags; -======= int len, explicit, inhibit; x509_flag_t flags; x509_cdp_t *cdp; x509_cert_policy_t *policy; x509_policy_mapping_t *mapping; ->>>>>>> upstream/4.5.1 chunk = x509->get_serial(x509); printf("serial: %#B\n", &chunk); @@ -117,13 +109,10 @@ static void print_x509(x509_t *x509) { printf("CA "); } -<<<<<<< HEAD -======= if (flags & X509_CRL_SIGN) { printf("CRLSign "); } ->>>>>>> upstream/4.5.1 if (flags & X509_AA) { printf("AA "); @@ -152,27 +141,15 @@ static void print_x509(x509_t *x509) first = TRUE; enumerator = x509->create_crl_uri_enumerator(x509); -<<<<<<< HEAD - while (enumerator->enumerate(enumerator, &uri)) - { - if (first) - { - printf("CRL URIs: %s\n", uri); -======= while (enumerator->enumerate(enumerator, &cdp)) { if (first) { printf("CRL URIs: %s", cdp->uri); ->>>>>>> upstream/4.5.1 first = FALSE; } else { -<<<<<<< HEAD - printf(" %s\n", uri); - } -======= printf(" %s", cdp->uri); } if (cdp->issuer) @@ -180,7 +157,6 @@ static void print_x509(x509_t *x509) printf(" (CRL issuer: %Y)", cdp->issuer); } printf("\n"); ->>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); 
@@ -200,19 +176,12 @@ static void print_x509(x509_t *x509) } enumerator->destroy(enumerator); -<<<<<<< HEAD - len = x509->get_pathLenConstraint(x509); - if (len != X509_NO_PATH_LEN_CONSTRAINT) -======= len = x509->get_constraint(x509, X509_PATH_LEN); if (len != X509_NO_CONSTRAINT) ->>>>>>> upstream/4.5.1 { printf("pathlen: %d\n", len); } -<<<<<<< HEAD -======= first = TRUE; enumerator = x509->create_name_constraint_enumerator(x509, TRUE); while (enumerator->enumerate(enumerator, &id)) @@ -312,7 +281,6 @@ static void print_x509(x509_t *x509) } } ->>>>>>> upstream/4.5.1 chunk = x509->get_authKeyIdentifier(x509); if (chunk.ptr) { @@ -356,16 +324,6 @@ static void print_crl(crl_t *crl) crl_reason_t reason; chunk_t chunk; int count = 0; -<<<<<<< HEAD - char buf[64]; - struct tm tm; - - chunk = crl->get_serial(crl); - printf("serial: %#B\n", &chunk); - chunk = crl->get_authKeyIdentifier(crl); - printf("authKeyId: %#B\n", &chunk); - -======= bool first; char buf[64]; struct tm tm; @@ -401,7 +359,6 @@ static void print_crl(crl_t *crl) } enumerator->destroy(enumerator); ->>>>>>> upstream/4.5.1 enumerator = crl->create_enumerator(crl); while (enumerator->enumerate(enumerator, &chunk, &ts, &reason)) { diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c index d1ca45e1a..087a97b3e 100644 --- a/src/pki/commands/req.c +++ b/src/pki/commands/req.c @@ -85,7 +85,8 @@ static int req() case 'f': if (!get_form(arg, &form, CRED_CERTIFICATE)) { - return command_usage("invalid output format"); + error = "invalid output format"; + goto usage; } continue; case EOF: diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index 7f46d3324..c7788ff62 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -20,8 +20,6 @@ #include <utils/linked_list.h> #include <credentials/certificates/certificate.h> #include <credentials/certificates/x509.h> -<<<<<<< HEAD -======= #include <asn1/asn1.h> /** 
@@ -42,7 +40,6 @@ static void destroy_policy_mapping(x509_policy_mapping_t *mapping) free(mapping->subject.ptr); free(mapping); } ->>>>>>> upstream/4.5.1 /** * Create a self signed certificate. @@ -57,35 +54,23 @@ static int self() public_key_t *public = NULL; char *file = NULL, *dn = NULL, *hex = NULL, *error = NULL, *keyid = NULL; identification_t *id = NULL; -<<<<<<< HEAD - linked_list_t *san, *ocsp; - int lifetime = 1095; - int pathlen = X509_NO_PATH_LEN_CONSTRAINT; -======= linked_list_t *san, *ocsp, *permitted, *excluded, *policies, *mappings; int lifetime = 1095; int pathlen = X509_NO_CONSTRAINT, inhibit_any = X509_NO_CONSTRAINT; int inhibit_mapping = X509_NO_CONSTRAINT, require_explicit = X509_NO_CONSTRAINT; ->>>>>>> upstream/4.5.1 chunk_t serial = chunk_empty; chunk_t encoding = chunk_empty; time_t not_before, not_after; x509_flag_t flags = 0; -<<<<<<< HEAD -======= x509_cert_policy_t *policy = NULL; ->>>>>>> upstream/4.5.1 char *arg; san = linked_list_create(); ocsp = linked_list_create(); -<<<<<<< HEAD -======= permitted = linked_list_create(); excluded = linked_list_create(); policies = linked_list_create(); mappings = linked_list_create(); ->>>>>>> upstream/4.5.1 while (TRUE) { @@ -145,8 +130,6 @@ static int self() case 'p': pathlen = atoi(arg); continue; -<<<<<<< HEAD -======= case 'n': permitted->insert_last(permitted, identification_create_from_string(arg)); @@ -220,7 +203,6 @@ static int self() case 'A': inhibit_any = atoi(arg); continue; ->>>>>>> upstream/4.5.1 case 'e': if (streq(arg, "serverAuth")) { @@ -230,13 +212,10 @@ static int self() { flags |= X509_CLIENT_AUTH; } -<<<<<<< HEAD -======= else if (streq(arg, "crlSign")) { flags |= X509_CRL_SIGN; } ->>>>>>> upstream/4.5.1 else if (streq(arg, "ocspSigning")) { flags |= X509_OCSP_SIGNER; 
@@ -245,12 +224,8 @@ static int self() case 'f': if (!get_form(arg, &form, CRED_CERTIFICATE)) { -<<<<<<< HEAD - return command_usage("invalid output format"); -======= error = "invalid output format"; goto usage; ->>>>>>> upstream/4.5.1 } continue; case 'o': @@ -335,9 +310,6 @@ static int self() BUILD_NOT_AFTER_TIME, not_after, BUILD_SERIAL, serial, BUILD_DIGEST_ALG, digest, BUILD_X509_FLAG, flags, BUILD_PATHLEN, pathlen, BUILD_SUBJECT_ALTNAMES, san, -<<<<<<< HEAD - BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_END); -======= BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_PERMITTED_NAME_CONSTRAINTS, permitted, BUILD_EXCLUDED_NAME_CONSTRAINTS, excluded, @@ -347,7 +319,6 @@ static int self() BUILD_POLICY_INHIBIT_MAPPING, inhibit_mapping, BUILD_POLICY_INHIBIT_ANY, inhibit_any, BUILD_END); ->>>>>>> upstream/4.5.1 if (!cert) { error = "generating certificate failed"; @@ -370,13 +341,10 @@ end: DESTROY_IF(public); DESTROY_IF(private); san->destroy_offset(san, offsetof(identification_t, destroy)); -<<<<<<< HEAD -======= permitted->destroy_offset(permitted, offsetof(identification_t, destroy)); excluded->destroy_offset(excluded, offsetof(identification_t, destroy)); policies->destroy_function(policies, (void*)destroy_cert_policy); mappings->destroy_function(mappings, (void*)destroy_policy_mapping); ->>>>>>> upstream/4.5.1 ocsp->destroy(ocsp); free(encoding.ptr); free(serial.ptr); @@ -390,13 +358,10 @@ end: usage: san->destroy_offset(san, offsetof(identification_t, destroy)); -<<<<<<< HEAD -======= permitted->destroy_offset(permitted, offsetof(identification_t, destroy)); excluded->destroy_offset(excluded, offsetof(identification_t, destroy)); policies->destroy_function(policies, (void*)destroy_cert_policy); mappings->destroy_function(mappings, (void*)destroy_policy_mapping); ->>>>>>> upstream/4.5.1 ocsp->destroy(ocsp); return command_usage(error); } 
@@ -412,25 +377,6 @@ static void __attribute__ ((constructor))reg() {"[--in file | --keyid hex] [--type rsa|ecdsa]", " --dn distinguished-name [--san subjectAltName]+", "[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+", -<<<<<<< HEAD - "[--flag serverAuth|clientAuth|ocspSigning]+", - "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, - { - {"help", 'h', 0, "show usage information"}, - {"in", 'i', 1, "private key input file, default: stdin"}, - {"keyid", 'x', 1, "keyid on smartcard of private key"}, - {"type", 't', 1, "type of input key, default: rsa"}, - {"dn", 'd', 1, "subject and issuer distinguished name"}, - {"san", 'a', 1, "subjectAltName to include in certificate"}, - {"lifetime",'l', 1, "days the certificate is valid, default: 1095"}, - {"serial", 's', 1, "serial number in hex, default: random"}, - {"ca", 'b', 0, "include CA basicConstraint, default: no"}, - {"pathlen", 'p', 1, "set path length constraint"}, - {"flag", 'e', 1, "include extendedKeyUsage flag"}, - {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, - {"digest", 'g', 1, "digest for signature creation, default: sha1"}, - {"outform", 'f', 1, "encoding of generated cert, default: der"}, -======= "[--flag serverAuth|clientAuth|crlSign|ocspSigning]+", "[--nc-permitted name] [--nc-excluded name]", "[--cert-policy oid [--cps-uri uri] [--user-notice text] ]+", @@ -461,7 +407,6 @@ static void __attribute__ ((constructor))reg() {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, {"digest", 'g', 1, "digest for signature creation, default: sha1"}, {"outform", 'f', 1, "encoding of generated cert, default: der"}, ->>>>>>> upstream/4.5.1 } }); } diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c index 07e4add48..9a21bd99c 100644 --- a/src/pki/commands/signcrl.c +++ b/src/pki/commands/signcrl.c 
@@ -98,8 +98,6 @@ static int read_serial(char *file, char *buf, int buflen) } /** -<<<<<<< HEAD -======= * Destroy a CDP */ static void cdp_destroy(x509_cdp_t *this) @@ -109,7 +107,6 @@ static void cdp_destroy(x509_cdp_t *this) } /** ->>>>>>> upstream/4.5.1 * Sign a CRL */ static int sign_crl() @@ -122,22 +119,12 @@ static int sign_crl() x509_t *x509; hash_algorithm_t digest = HASH_SHA1; char *arg, *cacert = NULL, *cakey = NULL, *lastupdate = NULL, *error = NULL; -<<<<<<< HEAD -======= char *basecrl = NULL; ->>>>>>> upstream/4.5.1 char serial[512], crl_serial[8], *keyid = NULL; int serial_len = 0; crl_reason_t reason = CRL_REASON_UNSPECIFIED; time_t thisUpdate, nextUpdate, date = time(NULL); int lifetime = 15; -<<<<<<< HEAD - linked_list_t *list; - enumerator_t *enumerator, *lastenum = NULL; - chunk_t encoding = chunk_empty; - - list = linked_list_create(); -======= linked_list_t *list, *cdps; enumerator_t *enumerator, *lastenum = NULL; x509_cdp_t *cdp; @@ -145,7 +132,6 @@ static int sign_crl() list = linked_list_create(); cdps = linked_list_create(); ->>>>>>> upstream/4.5.1 memset(crl_serial, 0, sizeof(crl_serial)); @@ -216,8 +202,6 @@ static int sign_crl() reason = CRL_REASON_UNSPECIFIED; continue; } -<<<<<<< HEAD -======= case 'b': basecrl = arg; continue; @@ -227,7 +211,6 @@ static int sign_crl() ); cdps->insert_last(cdps, cdp); continue; ->>>>>>> upstream/4.5.1 case 'r': if (streq(arg, "key-compromise")) { @@ -255,7 +238,8 @@ static int sign_crl() } else { - return command_usage( "invalid revocation reason"); + error = "invalid revocation reason"; + goto usage; } continue; case 'd': @@ -269,7 +253,8 @@ static int sign_crl() case 'f': if (!get_form(arg, &form, CRED_CERTIFICATE)) { - return command_usage("invalid output format"); + error = "invalid output format"; + goto usage; } continue; case EOF: 
@@ -300,15 +285,9 @@ static int sign_crl() goto error; } x509 = (x509_t*)ca; -<<<<<<< HEAD - if (!(x509->get_flags(x509) & X509_CA)) - { - error = "CA certificate misses CA basicConstraint"; -======= if (!(x509->get_flags(x509) & (X509_CA | X509_CRL_SIGN))) { error = "CA certificate misses CA basicConstraint / CRLSign keyUsage"; ->>>>>>> upstream/4.5.1 goto error; } public = ca->get_public_key(ca); @@ -346,8 +325,6 @@ static int sign_crl() thisUpdate = time(NULL); nextUpdate = thisUpdate + lifetime * 24 * 60 * 60; -<<<<<<< HEAD -======= if (basecrl) { lastcrl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, @@ -364,7 +341,6 @@ static int sign_crl() lastcrl = NULL; } ->>>>>>> upstream/4.5.1 if (lastupdate) { lastcrl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, @@ -378,13 +354,10 @@ static int sign_crl() min(lastcrl->get_serial(lastcrl).len, sizeof(crl_serial))); lastenum = lastcrl->create_enumerator(lastcrl); } -<<<<<<< HEAD -======= else { lastenum = enumerator_create_empty(); } ->>>>>>> upstream/4.5.1 chunk_increment(chunk_create(crl_serial, sizeof(crl_serial))); @@ -394,20 +367,12 @@ static int sign_crl() BUILD_SIGNING_KEY, private, BUILD_SIGNING_CERT, ca, BUILD_SERIAL, chunk_create(crl_serial, sizeof(crl_serial)), BUILD_NOT_BEFORE_TIME, thisUpdate, BUILD_NOT_AFTER_TIME, nextUpdate, -<<<<<<< HEAD - BUILD_REVOKED_ENUMERATOR, enumerator, BUILD_DIGEST_ALG, digest, - lastenum ? BUILD_REVOKED_ENUMERATOR : BUILD_END, lastenum, - BUILD_END); - enumerator->destroy(enumerator); - DESTROY_IF(lastenum); -======= BUILD_REVOKED_ENUMERATOR, enumerator, BUILD_REVOKED_ENUMERATOR, lastenum, BUILD_DIGEST_ALG, digest, BUILD_CRL_DISTRIBUTION_POINTS, cdps, BUILD_BASE_CRL, baseCrlNumber, BUILD_END); enumerator->destroy(enumerator); lastenum->destroy(lastenum); ->>>>>>> upstream/4.5.1 DESTROY_IF((certificate_t*)lastcrl); if (!crl) 
@@ -432,13 +397,9 @@ error: DESTROY_IF(ca); DESTROY_IF(crl); free(encoding.ptr); -<<<<<<< HEAD - list->destroy_function(list, (void*)revoked_destroy); -======= free(baseCrlNumber.ptr); list->destroy_function(list, (void*)revoked_destroy); cdps->destroy_function(cdps, (void*)cdp_destroy); ->>>>>>> upstream/4.5.1 if (error) { fprintf(stderr, "%s\n", error); @@ -448,10 +409,7 @@ error: usage: list->destroy_function(list, (void*)revoked_destroy); -<<<<<<< HEAD -======= cdps->destroy_function(cdps, (void*)cdp_destroy); ->>>>>>> upstream/4.5.1 return command_usage(error); } 
@@ -464,30 +422,13 @@ static void __attribute__ ((constructor))reg() sign_crl, 'c', "signcrl", "issue a CRL using a CA certificate and key", {"--cacert file --cakey file | --cakeyid hex --lifetime days", -<<<<<<< HEAD -======= "[--lastcrl crl] [--basecrl crl] [--crluri uri ]+", ->>>>>>> upstream/4.5.1 "[ [--reason key-compromise|ca-compromise|affiliation-changed|", " superseded|cessation-of-operation|certificate-hold]", " [--date timestamp]", " --cert file | --serial hex ]*", "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, { -<<<<<<< HEAD - {"help", 'h', 0, "show usage information"}, - {"cacert", 'c', 1, "CA certificate file"}, - {"cakey", 'k', 1, "CA private key file"}, - {"cakeyid", 'x', 1, "keyid on smartcard of CA private key"}, - {"lifetime",'l', 1, "days the CRL gets a nextUpdate, default: 15"}, - {"lastcrl", 'a', 1, "CRL of lastUpdate to copy revocations from"}, - {"cert", 'z', 1, "certificate file to revoke"}, - {"serial", 's', 1, "hex encoded certificate serial number to revoke"}, - {"reason", 'r', 1, "reason for certificate revocation"}, - {"date", 'd', 1, "revocation date as unix timestamp, default: now"}, - {"digest", 'g', 1, "digest for signature creation, default: sha1"}, - {"outform", 'f', 1, "encoding of generated crl, default: der"}, -======= {"help", 'h', 0, "show usage information"}, {"cacert", 'c', 1, "CA certificate file"}, {"cakey", 'k', 1, "CA private key file"}, @@ -502,7 +443,6 @@ static void __attribute__ ((constructor))reg() {"date", 'd', 1, "revocation date as unix timestamp, default: now"}, {"digest", 'g', 1, "digest for signature creation, default: sha1"}, {"outform", 'f', 1, "encoding of generated crl, default: der"}, ->>>>>>> upstream/4.5.1 } }); } diff --git a/src/pluto/Makefile.in b/src/pluto/Makefile.in index eb7f2c28a..92e66db17 100644 --- a/src/pluto/Makefile.in +++ b/src/pluto/Makefile.in 
@@ -304,13 +304,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -331,6 +325,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -349,14 +345,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/pluto/adns.c b/src/pluto/adns.c index 95e22b96f..5d6979447 100644 --- a/src/pluto/adns.c +++ b/src/pluto/adns.c @@ -224,6 +224,7 @@ worker(int qfd, int afd) a.amagic = ADNS_A_MAGIC; a.serial = q.serial; + a.continuation = NULL; a.result = res_nquery(statp, q.name_buf, C_IN, q.type, a.ans, sizeof(a.ans)); a.h_errno_val = h_errno; diff --git a/src/pluto/alg_info.c b/src/pluto/alg_info.c index d06e09007..fe27c10b2 100644 --- a/src/pluto/alg_info.c +++ b/src/pluto/alg_info.c @@ -539,7 +539,7 @@ alg_info_snprint(char *buf, int buflen, struct alg_info *alg_info) buflen -= np; if (esp_info->esp_ealg_keylen) { - np = snprintf(ptr, buflen, "_%u", esp_info->esp_ealg_keylen); + np = snprintf(ptr, buflen, "_%zu", esp_info->esp_ealg_keylen); ptr += np; buflen -= np; } 
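Review bot: The `ptr += np; buflen -= np;` bookkeeping after `snprintf(ptr, buflen, "_%zu", esp_info->esp_ealg_keylen)` in alg_info_snprint uses `np` unchecked, but snprintf returns the length it wanted to write, not the length it wrote. On truncation `ptr` moves past the end of the buffer and `buflen` (an `int`) goes negative, so the next snprintf call receives it converted to a very large size. The hunk at -571 repeats the pattern for `ike_info->ike_eklen`. Testing `np < 0 || np >= buflen` after each call and stopping the formatting there would keep the pointer inside `buf`. alg_info_snprint starts and ends outside both hunks, so a later check may exist that is not visible here.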
@@ -571,7 +571,7 @@ alg_info_snprint(char *buf, int buflen, struct alg_info *alg_info) buflen -= np; if (ike_info->ike_eklen) { - np = snprintf(ptr, buflen, "_%u", ike_info->ike_eklen); + np = snprintf(ptr, buflen, "_%zu", ike_info->ike_eklen); ptr += np; buflen -= np; } diff --git a/src/pluto/ca.c b/src/pluto/ca.c index 713d56ef1..add85def8 100644 --- a/src/pluto/ca.c +++ b/src/pluto/ca.c @@ -629,11 +629,7 @@ void add_ca_info(const whack_message_t *msg) if (strncasecmp(msg->ocspuri, "http", 4) == 0) ca->ocspuri = clone_str(msg->ocspuri); else -<<<<<<< HEAD - plog(" ignoring ocspuri with unkown protocol"); -======= plog(" ignoring ocspuri with unknown protocol"); ->>>>>>> upstream/4.5.1 } /* add crl uris */ diff --git a/src/pluto/connections.c b/src/pluto/connections.c index 9f277e135..2194362d2 100644 --- a/src/pluto/connections.c +++ b/src/pluto/connections.c @@ -673,7 +673,7 @@ size_t format_end(char *buf, size_t buf_len, const struct end *this, } else if (subnetisnone(&this->client)) { - strcpy(client, "?"); + strncpy(client, "?", sizeof(client)); } else { @@ -685,7 +685,7 @@ size_t format_end(char *buf, size_t buf_len, const struct end *this, /* we are mode config client, or a server with a pool */ client_sep = "==="; client[0] = '%'; - strcpy(client+1, this->pool ? this->pool : "modecfg"); + strncpy(client+1, this->pool ?: "modecfg", sizeof(client)-1); } /* host */ @@ -1443,11 +1443,11 @@ static connection_t *instantiate(connection_t *c, const ip_address *him, connect_to_host_pair(d); - return d; if (sameaddr(&d->spd.that.host_addr, &d->spd.this.host_nexthop)) { d->spd.this.host_nexthop = *him; } + return d; } connection_t *rw_instantiate(connection_t *c, const ip_address *him, diff --git a/src/pluto/crl.c b/src/pluto/crl.c index d8f962501..38db0f2fd 100644 --- a/src/pluto/crl.c +++ b/src/pluto/crl.c 
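Review bot: `strncpy(client+1, this->pool ?: "modecfg", sizeof(client)-1)` in the format_end hunk at -685 leaves `client` without a terminating NUL whenever the pool name is `sizeof(client)-1` bytes or longer, because strncpy does not terminate on truncation. `client` is presumably read as a string further down in format_end, which continues outside the hunk, so the overflow the change removes would become an over-read. `snprintf(client, sizeof(client), "%%%s", this->pool ?: "modecfg");` writes the leading `%` and always terminates. The `strncpy(client, "?", sizeof(client))` in the hunk at -673 is safe as written, but `snprintf(client, sizeof(client), "?")` would keep the two branches consistent.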
@@ -163,7 +163,7 @@ bool insert_crl(x509crl_t *x509crl, char *crl_uri, bool cache_crl) { /* keep any known CRL distribution points */ add_distribution_points(x509crl->distributionPoints, - oldcrl->distributionPoints); + oldcrl->distributionPoints); /* now delete the old CRL */ free_first_crl(); @@ -199,7 +199,7 @@ bool insert_crl(x509crl_t *x509crl, char *crl_uri, bool cache_crl) chunk_t hex, encoding; hex = chunk_to_hex(crl->get_authKeyIdentifier(crl), NULL, FALSE); - snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_PATH, hex); + snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_PATH, hex.ptr); free(hex.ptr); if (cert_crl->get_encoding(cert_crl, CERT_ASN1_DER, &encoding)) @@ -352,11 +352,7 @@ cert_status_t verify_by_crl(cert_t *cert, time_t *until, time_t *revocationDate, x509crl_t *x509crl; ca_info_t *ca; enumerator_t *enumerator; -<<<<<<< HEAD - char *point; -======= x509_cdp_t *cdp; ->>>>>>> upstream/4.5.1 ca = get_ca_info(issuer, authKeyID); @@ -380,15 +376,9 @@ cert_status_t verify_by_crl(cert_t *cert, time_t *until, time_t *revocationDate, } enumerator = x509->create_crl_uri_enumerator(x509); -<<<<<<< HEAD - while (enumerator->enumerate(enumerator, &point)) - { - add_distribution_point(crluris, point); -======= while (enumerator->enumerate(enumerator, &cdp)) { add_distribution_point(crluris, cdp->uri); ->>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); 
@@ -426,22 +416,17 @@ cert_status_t verify_by_crl(cert_t *cert, time_t *until, time_t *revocationDate, } enumerator = x509->create_crl_uri_enumerator(x509); -<<<<<<< HEAD - while (enumerator->enumerate(enumerator, &point)) - { - add_distribution_point(x509crl->distributionPoints, point); -======= while (enumerator->enumerate(enumerator, &cdp)) { add_distribution_point(x509crl->distributionPoints, cdp->uri); ->>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); lock_authcert_list("verify_by_crl"); issuer_cert = get_authcert(issuer, authKeyID, X509_CA); - trusted = cert_crl->issued_by(cert_crl, issuer_cert->cert); + trusted = issuer_cert ? cert_crl->issued_by(cert_crl, issuer_cert->cert) + : FALSE; unlock_authcert_list("verify_by_crl"); diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c index 695035ea1..f01966c72 100644 --- a/src/pluto/crypto.c +++ b/src/pluto/crypto.c @@ -26,16 +26,6 @@ static struct encrypt_desc encrypt_desc_3des = { -<<<<<<< HEAD - algo_type: IKE_ALG_ENCRYPT, - algo_id: OAKLEY_3DES_CBC, - algo_next: NULL, - - enc_blocksize: DES_BLOCK_SIZE, - keydeflen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, - keyminlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, - keymaxlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, -======= algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_3DES_CBC, plugin_name: NULL, @@ -45,7 +35,6 @@ static struct encrypt_desc encrypt_desc_3des = keydeflen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, keyminlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, keymaxlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, ->>>>>>> upstream/4.5.1 }; #define AES_KEY_MIN_LEN 128 @@ -54,16 +43,6 @@ static struct encrypt_desc encrypt_desc_3des = static struct encrypt_desc encrypt_desc_aes = { -<<<<<<< HEAD - algo_type: IKE_ALG_ENCRYPT, - algo_id: OAKLEY_AES_CBC, - algo_next: NULL, - - enc_blocksize: AES_BLOCK_SIZE, - keyminlen: AES_KEY_MIN_LEN, - keydeflen: AES_KEY_DEF_LEN, - keymaxlen: AES_KEY_MAX_LEN, -======= algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_AES_CBC, plugin_name: NULL, 
@@ -73,7 +52,6 @@ static struct encrypt_desc encrypt_desc_aes = keyminlen: AES_KEY_MIN_LEN, keydeflen: AES_KEY_DEF_LEN, keymaxlen: AES_KEY_MAX_LEN, ->>>>>>> upstream/4.5.1 }; #define CAMELLIA_KEY_MIN_LEN 128 @@ -82,16 +60,6 @@ static struct encrypt_desc encrypt_desc_aes = static struct encrypt_desc encrypt_desc_camellia = { -<<<<<<< HEAD - algo_type: IKE_ALG_ENCRYPT, - algo_id: OAKLEY_CAMELLIA_CBC, - algo_next: NULL, - - enc_blocksize: CAMELLIA_BLOCK_SIZE, - keyminlen: CAMELLIA_KEY_MIN_LEN, - keydeflen: CAMELLIA_KEY_DEF_LEN, - keymaxlen: CAMELLIA_KEY_MAX_LEN, -======= algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_CAMELLIA_CBC, plugin_name: NULL, @@ -101,7 +69,6 @@ static struct encrypt_desc encrypt_desc_camellia = keyminlen: CAMELLIA_KEY_MIN_LEN, keydeflen: CAMELLIA_KEY_DEF_LEN, keymaxlen: CAMELLIA_KEY_MAX_LEN, ->>>>>>> upstream/4.5.1 }; #define BLOWFISH_KEY_MIN_LEN 128 @@ -109,16 +76,6 @@ static struct encrypt_desc encrypt_desc_camellia = static struct encrypt_desc encrypt_desc_blowfish = { -<<<<<<< HEAD - algo_type: IKE_ALG_ENCRYPT, - algo_id: OAKLEY_BLOWFISH_CBC, - algo_next: NULL, - - enc_blocksize: BLOWFISH_BLOCK_SIZE, - keyminlen: BLOWFISH_KEY_MIN_LEN, - keydeflen: BLOWFISH_KEY_MIN_LEN, - keymaxlen: BLOWFISH_KEY_MAX_LEN, -======= algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_BLOWFISH_CBC, plugin_name: NULL, @@ -128,7 +85,6 @@ static struct encrypt_desc encrypt_desc_blowfish = keyminlen: BLOWFISH_KEY_MIN_LEN, keydeflen: BLOWFISH_KEY_MIN_LEN, keymaxlen: BLOWFISH_KEY_MAX_LEN, ->>>>>>> upstream/4.5.1 }; #define SERPENT_KEY_MIN_LEN 128 
@@ -137,16 +93,6 @@ static struct encrypt_desc encrypt_desc_blowfish = static struct encrypt_desc encrypt_desc_serpent = { -<<<<<<< HEAD - algo_type: IKE_ALG_ENCRYPT, - algo_id: OAKLEY_SERPENT_CBC, - algo_next: NULL, - - enc_blocksize: SERPENT_BLOCK_SIZE, - keyminlen: SERPENT_KEY_MIN_LEN, - keydeflen: SERPENT_KEY_DEF_LEN, - keymaxlen: SERPENT_KEY_MAX_LEN, -======= algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_SERPENT_CBC, plugin_name: NULL, @@ -156,7 +102,6 @@ static struct encrypt_desc encrypt_desc_serpent = keyminlen: SERPENT_KEY_MIN_LEN, keydeflen: SERPENT_KEY_DEF_LEN, keymaxlen: SERPENT_KEY_MAX_LEN, ->>>>>>> upstream/4.5.1 }; #define TWOFISH_KEY_MIN_LEN 128 @@ -165,16 +110,6 @@ static struct encrypt_desc encrypt_desc_serpent = static struct encrypt_desc encrypt_desc_twofish = { -<<<<<<< HEAD - algo_type: IKE_ALG_ENCRYPT, - algo_id: OAKLEY_TWOFISH_CBC, - algo_next: NULL, - - enc_blocksize: TWOFISH_BLOCK_SIZE, - keydeflen: TWOFISH_KEY_MIN_LEN, - keyminlen: TWOFISH_KEY_DEF_LEN, - keymaxlen: TWOFISH_KEY_MAX_LEN, -======= algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_TWOFISH_CBC, plugin_name: NULL, @@ -184,21 +119,10 @@ static struct encrypt_desc encrypt_desc_twofish = keydeflen: TWOFISH_KEY_MIN_LEN, keyminlen: TWOFISH_KEY_DEF_LEN, keymaxlen: TWOFISH_KEY_MAX_LEN, ->>>>>>> upstream/4.5.1 }; static struct encrypt_desc encrypt_desc_twofish_ssh = { -<<<<<<< HEAD - algo_type: IKE_ALG_ENCRYPT, - algo_id: OAKLEY_TWOFISH_CBC_SSH, - algo_next: NULL, - - enc_blocksize: TWOFISH_BLOCK_SIZE, - keydeflen: TWOFISH_KEY_MIN_LEN, - keyminlen: TWOFISH_KEY_DEF_LEN, - keymaxlen: TWOFISH_KEY_MAX_LEN, -======= algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_TWOFISH_CBC_SSH, plugin_name: NULL, 
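Review bot: In `encrypt_desc_twofish`, and again in `encrypt_desc_twofish_ssh` in the following hunk, the initializers read `keydeflen: TWOFISH_KEY_MIN_LEN, keyminlen: TWOFISH_KEY_DEF_LEN`, crossed relative to the AES, Camellia and Serpent descriptors in this file, which pair `keyminlen` with `*_KEY_MIN_LEN` and `keydeflen` with `*_KEY_DEF_LEN`. `TWOFISH_KEY_DEF_LEN` is defined outside the visible lines, so whether this changes the accepted key lengths cannot be told from here. If the two macros differ, the minimum key length enforced for Twofish proposals is not the one the macro name promises. Proposed for both descriptors: `keyminlen: TWOFISH_KEY_MIN_LEN,` and `keydeflen: TWOFISH_KEY_DEF_LEN,`.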
@@ -208,17 +132,13 @@ static struct encrypt_desc encrypt_desc_twofish_ssh = keydeflen: TWOFISH_KEY_MIN_LEN, keyminlen: TWOFISH_KEY_DEF_LEN, keymaxlen: TWOFISH_KEY_MAX_LEN, ->>>>>>> upstream/4.5.1 }; static struct hash_desc hash_desc_md5 = { algo_type: IKE_ALG_HASH, algo_id: OAKLEY_MD5, -<<<<<<< HEAD -======= plugin_name: NULL, ->>>>>>> upstream/4.5.1 algo_next: NULL, hash_digest_size: HASH_SIZE_MD5, }; @@ -227,10 +147,7 @@ static struct hash_desc hash_desc_sha1 = { algo_type: IKE_ALG_HASH, algo_id: OAKLEY_SHA, -<<<<<<< HEAD -======= plugin_name: NULL, ->>>>>>> upstream/4.5.1 algo_next: NULL, hash_digest_size: HASH_SIZE_SHA1, }; @@ -238,10 +155,7 @@ static struct hash_desc hash_desc_sha1 = static struct hash_desc hash_desc_sha2_256 = { algo_type: IKE_ALG_HASH, algo_id: OAKLEY_SHA2_256, -<<<<<<< HEAD -======= plugin_name: NULL, ->>>>>>> upstream/4.5.1 algo_next: NULL, hash_digest_size: HASH_SIZE_SHA256, }; @@ -249,10 +163,7 @@ static struct hash_desc hash_desc_sha2_256 = { static struct hash_desc hash_desc_sha2_384 = { algo_type: IKE_ALG_HASH, algo_id: OAKLEY_SHA2_384, -<<<<<<< HEAD -======= plugin_name: NULL, ->>>>>>> upstream/4.5.1 algo_next: NULL, hash_digest_size: HASH_SIZE_SHA384, }; 
@@ -260,119 +171,12 @@ static struct hash_desc hash_desc_sha2_384 = { static struct hash_desc hash_desc_sha2_512 = { algo_type: IKE_ALG_HASH, algo_id: OAKLEY_SHA2_512, -<<<<<<< HEAD -======= plugin_name: NULL, ->>>>>>> upstream/4.5.1 algo_next: NULL, hash_digest_size: HASH_SIZE_SHA512, }; const struct dh_desc unset_group = { -<<<<<<< HEAD - algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_NONE, - algo_next: NULL, - ke_size: 0 -}; - -static struct dh_desc dh_desc_modp_1024 = { - algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_1024_BIT, - algo_next: NULL, - ke_size: 1024 / BITS_PER_BYTE -}; - -static struct dh_desc dh_desc_modp_1536 = { - algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_1536_BIT, - algo_next: NULL, - ke_size: 1536 / BITS_PER_BYTE -}; - -static struct dh_desc dh_desc_modp_2048 = { - algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_2048_BIT, - algo_next: NULL, - ke_size: 2048 / BITS_PER_BYTE -}; - -static struct dh_desc dh_desc_modp_3072 = { - algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_3072_BIT, - algo_next: NULL, - ke_size: 3072 / BITS_PER_BYTE -}; - -static struct dh_desc dh_desc_modp_4096 = { - algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_4096_BIT, - algo_next: NULL, - ke_size: 4096 / BITS_PER_BYTE -}; - -static struct dh_desc dh_desc_modp_6144 = { - algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_6144_BIT, - algo_next: NULL, - ke_size: 6144 / BITS_PER_BYTE -}; - -static struct dh_desc dh_desc_modp_8192 = { - algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_8192_BIT, - algo_next: NULL, - ke_size: 8192 / BITS_PER_BYTE -}; - -static struct dh_desc dh_desc_ecp_256 = { - algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_256_BIT, - algo_next: NULL, - ke_size: 2*256 / BITS_PER_BYTE -}; - -static struct dh_desc dh_desc_ecp_384 = { - algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_384_BIT, - algo_next: NULL, - ke_size: 2*384 / BITS_PER_BYTE -}; - -static struct dh_desc dh_desc_ecp_521 = { - algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_521_BIT, - algo_next: NULL, - ke_size: 2*528 / 
BITS_PER_BYTE -}; - -static struct dh_desc dh_desc_modp_1024_160 = { - algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_1024_160, - algo_next: NULL, - ke_size: 1024 / BITS_PER_BYTE -}; - -static struct dh_desc dh_desc_modp_2048_224 = { - algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_2048_224, - algo_next: NULL, - ke_size: 2048 / BITS_PER_BYTE -}; - -static struct dh_desc dh_desc_modp_2048_256 = { - algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_2048_256, - algo_next: NULL, - ke_size: 2048 / BITS_PER_BYTE -}; - -static struct dh_desc dh_desc_ecp_192 = { - algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_192_BIT, - algo_next: NULL, - ke_size: 2*192 / BITS_PER_BYTE -======= algo_type: IKE_ALG_DH_GROUP, algo_id: MODP_NONE, plugin_name: NULL, @@ -489,20 +293,14 @@ static struct dh_desc dh_desc_ecp_192 = { plugin_name: NULL, algo_next: NULL, ke_size: 2*192 / BITS_PER_BYTE ->>>>>>> upstream/4.5.1 }; static struct dh_desc dh_desc_ecp_224 = { algo_type: IKE_ALG_DH_GROUP, algo_id: ECP_224_BIT, -<<<<<<< HEAD - algo_next: NULL, - ke_size: 2*224 / BITS_PER_BYTE -======= plugin_name: NULL, algo_next: NULL, ke_size: 2*224 / BITS_PER_BYTE ->>>>>>> upstream/4.5.1 }; bool init_crypto(void) @@ -511,19 +309,12 @@ bool init_crypto(void) encryption_algorithm_t encryption_alg; hash_algorithm_t hash_alg; diffie_hellman_group_t dh_group; -<<<<<<< HEAD -======= const char *plugin_name; ->>>>>>> upstream/4.5.1 bool no_md5 = TRUE; bool no_sha1 = TRUE; enumerator = lib->crypto->create_hasher_enumerator(lib->crypto); -<<<<<<< HEAD - while (enumerator->enumerate(enumerator, &hash_alg)) -======= while (enumerator->enumerate(enumerator, &hash_alg, &plugin_name)) ->>>>>>> upstream/4.5.1 { const struct hash_desc *desc; @@ -549,11 +340,7 @@ bool init_crypto(void) default: continue; } -<<<<<<< HEAD - ike_alg_add((struct ike_alg *)desc); -======= ike_alg_add((struct ike_alg *)desc, plugin_name); ->>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); 
@@ -567,11 +354,7 @@ bool init_crypto(void) } enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); -<<<<<<< HEAD - while (enumerator->enumerate(enumerator, &encryption_alg)) -======= while (enumerator->enumerate(enumerator, &encryption_alg, &plugin_name)) ->>>>>>> upstream/4.5.1 { const struct encrypt_desc *desc; @@ -591,12 +374,8 @@ bool init_crypto(void) break; case ENCR_TWOFISH_CBC: desc = &encrypt_desc_twofish; -<<<<<<< HEAD - ike_alg_add((struct ike_alg *)&encrypt_desc_twofish_ssh); -======= ike_alg_add((struct ike_alg *)&encrypt_desc_twofish_ssh, plugin_name); ->>>>>>> upstream/4.5.1 break; case ENCR_SERPENT_CBC: desc = &encrypt_desc_serpent; @@ -604,20 +383,12 @@ bool init_crypto(void) default: continue; } -<<<<<<< HEAD - ike_alg_add((struct ike_alg *)desc); -======= ike_alg_add((struct ike_alg *)desc, plugin_name); ->>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); enumerator = lib->crypto->create_dh_enumerator(lib->crypto); -<<<<<<< HEAD - while (enumerator->enumerate(enumerator, &dh_group)) -======= while (enumerator->enumerate(enumerator, &dh_group, &plugin_name)) ->>>>>>> upstream/4.5.1 { const struct dh_desc *desc; @@ -671,11 +442,7 @@ bool init_crypto(void) default: continue; } -<<<<<<< HEAD - ike_alg_add((struct ike_alg *)desc); -======= ike_alg_add((struct ike_alg *)desc, plugin_name); ->>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); return TRUE; diff --git a/src/pluto/demux.c b/src/pluto/demux.c index 22976fe9a..294601295 100644 --- a/src/pluto/demux.c +++ b/src/pluto/demux.c @@ -770,7 +770,7 @@ check_msg_errqueue(const struct iface *ifp, short interest) /* note dirty trick to suppress ~ at start of format * if we know what state to blame. */ - if ((packet_len == 1) && (buffer[0] = 0xff) + if ((packet_len == 1) && (buffer[0] == 0xff) #ifdef DEBUG && ((cur_debugging & DBG_NATT) == 0) #endif 
@@ -966,7 +966,9 @@ malloc_md(void) * - .note = NOTHING_WRONG * - .encrypted = FALSE */ - static const struct msg_digest blank_md; + static const struct msg_digest blank_md = { + .next = NULL, + }; if (md == NULL) { @@ -1142,17 +1144,14 @@ read_packet(struct msg_digest *md) , ifp->rname , ip_str(&md->sender), (unsigned)md->sender_port)); } - + free(buffer); return FALSE; } else if (from_ugh != NULL) { -<<<<<<< HEAD - plog("recvfrom on %s returned misformed source sockaddr: %s" -======= plog("recvfrom on %s returned malformed source sockaddr: %s" ->>>>>>> upstream/4.5.1 , ifp->rname, from_ugh); + free(buffer); return FALSE; } cur_from = &md->sender; @@ -1166,6 +1165,7 @@ read_packet(struct msg_digest *md) { plog("recvfrom %s:%u too small packet (%d)" , ip_str(cur_from), (unsigned) cur_from_port, packet_len); + free(buffer); return FALSE; } memcpy(&non_esp, buffer, sizeof(u_int32_t)); @@ -1173,6 +1173,7 @@ read_packet(struct msg_digest *md) { plog("recvfrom %s:%u has no Non-ESP marker" , ip_str(cur_from), (unsigned) cur_from_port); + free(buffer); return FALSE; } packet_len -= sizeof(u_int32_t); @@ -1665,7 +1666,7 @@ process_packet(struct msg_digest **mdp) * Look up the appropriate microcode based on state and * possibly Oakley Auth type. */ - passert(STATE_IKE_FLOOR <= from_state && from_state <= STATE_IKE_ROOF); + passert(STATE_IKE_FLOOR <= from_state && from_state < STATE_IKE_ROOF); smc = ike_microcode_index[from_state - STATE_IKE_FLOOR]; if (st != NULL) diff --git a/src/pluto/fetch.c b/src/pluto/fetch.c index 1d2d13371..3dfc1386f 100644 --- a/src/pluto/fetch.c +++ b/src/pluto/fetch.c @@ -309,8 +309,9 @@ static char* complete_uri(char *distPoint, const char *ldaphost) char uri[BUF_LEN]; /* insert the ldaphost into the uri */ - snprintf(uri, BUF_LEN, "%.*s%s%.*s", strlen(distPoint)-len, - distPoint, ldaphost, len, symbol); + snprintf(uri, BUF_LEN, "%.*s%s%.*s", + (int)strlen(distPoint) - len, distPoint, ldaphost, + len, symbol); return strdup(uri); } } 
diff --git a/src/pluto/ike_alg.c b/src/pluto/ike_alg.c index eabe6c86e..3061630e0 100644 --- a/src/pluto/ike_alg.c +++ b/src/pluto/ike_alg.c @@ -72,11 +72,7 @@ static struct ike_alg *ike_alg_find(u_int algo_type, u_int algo_id, /** * "raw" ike_alg list adding function */ -<<<<<<< HEAD -int ike_alg_add(struct ike_alg* a) -======= int ike_alg_add(struct ike_alg* a, const char *plugin_name) ->>>>>>> upstream/4.5.1 { if (a->algo_type > IKE_ALG_MAX) { @@ -100,10 +96,7 @@ int ike_alg_add(struct ike_alg* a, const char *plugin_name) e = *ep; } *ep = a; -<<<<<<< HEAD -======= a->plugin_name = plugin_name; ->>>>>>> upstream/4.5.1 a->algo_next = e; return 0; } @@ -156,7 +149,6 @@ struct db_context *ike_alg_db_new(connection_t *c, lset_t policy) struct alg_info_ike *ai = c->alg_info_ike; struct db_context *db_ctx = NULL; struct ike_info *ike_info; - struct encrypt_desc *enc_desc; u_int ealg, halg, modp, eklen = 0; int i; @@ -198,7 +190,6 @@ struct db_context *ike_alg_db_new(connection_t *c, lset_t policy) enum_show(&oakley_group_names, modp)); continue; } - enc_desc = ike_alg_get_crypter(ealg); if (policy & POLICY_PUBKEY) { @@ -312,8 +303,6 @@ fail: } /** -<<<<<<< HEAD -======= * Print the name of an algorithm plus the name of the plugin that registered it */ static void print_alg(char *buf, int *len, enum_names *alg_names, int alg_type, @@ -321,7 +310,7 @@ static void print_alg(char *buf, int *len, enum_names *alg_names, int alg_type, { char alg_name[BUF_LEN]; int alg_name_len; - + alg_name_len = sprintf(alg_name, " %s[%s]", enum_name(alg_names, alg_type), plugin_name); if (*len + alg_name_len > CRYPTO_MAX_ALG_LINE) 
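Review bot: `alg_name_len = sprintf(alg_name, " %s[%s]", enum_name(alg_names, alg_type), plugin_name);` in print_alg writes into the fixed `char alg_name[BUF_LEN]` with no bound. `plugin_name` is the string stored by `ike_alg_add(a, plugin_name)`, so its length is set by whichever plugin registered the algorithm. `alg_name_len = snprintf(alg_name, sizeof(alg_name), " %s[%s]", enum_name(alg_names, alg_type), plugin_name);` with `alg_name_len >= (int)sizeof(alg_name)` treated as truncation keeps the write inside the buffer. print_alg begins in the preceding hunk and continues past this one, so the append into `buf` after the `CRYPTO_MAX_ALG_LINE` comparison is not visible and deserves the same check.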
@@ -334,74 +323,21 @@ static void print_alg(char *buf, int *len, enum_names *alg_names, int alg_type, } /** ->>>>>>> upstream/4.5.1 * Show registered IKE algorithms */ void ike_alg_list(void) { -<<<<<<< HEAD - char buf[BUF_LEN]; - char *pos; - int n, len; -======= rng_quality_t quality; enumerator_t *enumerator; const char *plugin_name; char buf[BUF_LEN]; int len; ->>>>>>> upstream/4.5.1 struct ike_alg *a; whack_log(RC_COMMENT, " "); whack_log(RC_COMMENT, "List of registered IKEv1 Algorithms:"); whack_log(RC_COMMENT, " "); -<<<<<<< HEAD - pos = buf; - *pos = '\0'; - len = BUF_LEN; - for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next) - { - n = snprintf(pos, len, " %s", enum_name(&oakley_enc_names, a->algo_id)); - pos += n; - len -= n; - if (len <= 0) - { - break; - } - } - whack_log(RC_COMMENT, " encryption:%s", buf); - - pos = buf; - *pos = '\0'; - len = BUF_LEN; - for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next) - { - n = snprintf(pos, len, " %s", enum_name(&oakley_hash_names, a->algo_id)); - pos += n; - len -= n; - if (len <= 0) - { - break; - } - } - whack_log(RC_COMMENT, " integrity: %s", buf); - - pos = buf; - *pos = '\0'; - len = BUF_LEN; - for (a = ike_alg_base[IKE_ALG_DH_GROUP]; a != NULL; a = a->algo_next) - { - n = snprintf(pos, len, " %s", enum_name(&oakley_group_names, a->algo_id)); - pos += n; - len -= n; - if (len <= 0) - { - break; - } - } - whack_log(RC_COMMENT, " dh-group: %s", buf); -======= len = sprintf(buf, " encryption:"); for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next) { @@ -432,7 +368,6 @@ void ike_alg_list(void) } enumerator->destroy(enumerator); whack_log(RC_COMMENT, "%s", buf); ->>>>>>> upstream/4.5.1 } /** diff --git a/src/pluto/ike_alg.h b/src/pluto/ike_alg.h index 7ee2ca808..c3ce8bb38 100644 --- a/src/pluto/ike_alg.h +++ b/src/pluto/ike_alg.h 
@@ -22,20 +22,14 @@ struct ike_alg { u_int16_t algo_type; u_int16_t algo_id; -<<<<<<< HEAD -======= const char *plugin_name; ->>>>>>> upstream/4.5.1 struct ike_alg *algo_next; }; struct encrypt_desc { u_int16_t algo_type; u_int16_t algo_id; -<<<<<<< HEAD -======= const char *plugin_name; ->>>>>>> upstream/4.5.1 struct ike_alg *algo_next; size_t enc_blocksize; @@ -47,10 +41,7 @@ struct encrypt_desc { struct hash_desc { u_int16_t algo_type; u_int16_t algo_id; -<<<<<<< HEAD -======= const char *plugin_name; ->>>>>>> upstream/4.5.1 struct ike_alg *algo_next; size_t hash_digest_size; @@ -59,10 +50,7 @@ struct hash_desc { struct dh_desc { u_int16_t algo_type; u_int16_t algo_id; -<<<<<<< HEAD -======= const char *plugin_name; ->>>>>>> upstream/4.5.1 struct ike_alg *algo_next; size_t ke_size; @@ -73,11 +61,7 @@ struct dh_desc { #define IKE_ALG_DH_GROUP 2 #define IKE_ALG_MAX IKE_ALG_DH_GROUP -<<<<<<< HEAD -extern int ike_alg_add(struct ike_alg *a); -======= extern int ike_alg_add(struct ike_alg *a, const char *plugin_name); ->>>>>>> upstream/4.5.1 extern struct hash_desc *ike_alg_get_hasher(u_int alg); extern struct encrypt_desc *ike_alg_get_crypter(u_int alg); extern struct dh_desc *ike_alg_get_dh_group(u_int alg); diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c index 7ec547b0c..c8a347b45 100644 --- a/src/pluto/ipsec_doi.c +++ b/src/pluto/ipsec_doi.c @@ -104,6 +104,14 @@ #define RETURN_STF_FAILURE(f) \ { int r = (f); if (r != ISAKMP_NOTHING_WRONG) return STF_FAIL + r; } +/* The endpoint(s) for which an SA is getting installed, so keying material + * can be properly wiped. + */ +enum endpoint { + EP_LOCAL = 1, + EP_REMOTE = 1 << 1, +}; + /* create output HDR as replica of input HDR */ void echo_hdr(struct msg_digest *md, bool enc, u_int8_t np) { 
@@ -2196,9 +2204,9 @@ static void decode_cert(struct msg_digest *md) cert_t x509cert = cert_empty; x509cert.cert = lib->creds->create(lib->creds, - CRED_CERTIFICATE, CERT_X509, - BUILD_BLOB_ASN1_DER, blob, - BUILD_END); + CRED_CERTIFICATE, CERT_X509, + BUILD_BLOB_ASN1_DER, blob, + BUILD_END); if (x509cert.cert) { if (verify_x509cert(&x509cert, strict_crl_policy, &valid_until)) 
@@ -2741,13 +2749,59 @@ static bool has_preloaded_public_key(struct state *st) return FALSE; } +/* Compute keying material for an SA + */ +static void compute_keymat_internal(struct state *st, u_int8_t protoid, + ipsec_spi_t spi, size_t needed_len, + u_char **keymat_out) +{ + size_t i = 0, prf_block_size, needed_space; + chunk_t protoid_chunk = chunk_from_thing(protoid); + chunk_t spi_chunk = chunk_from_thing(spi); + pseudo_random_function_t prf_alg = oakley_to_prf(st->st_oakley.hash); + prf_t *prf = lib->crypto->create_prf(lib->crypto, prf_alg); + + prf->set_key(prf, st->st_skeyid_d); + prf_block_size = prf->get_block_size(prf); + + /* Although only needed_len bytes are desired, we must round up to a + * multiple of prf_block_size so that the buffer isn't overrun */ + needed_space = needed_len + pad_up(needed_len, prf_block_size); + replace(*keymat_out, malloc(needed_space)); + + for (;;) + { + char *keymat_i = (*keymat_out) + i; + chunk_t keymat = { keymat_i, prf_block_size }; + + if (st->st_shared.ptr != NULL) + { /* PFS: include the g^xy */ + prf->get_bytes(prf, st->st_shared, NULL); + } + prf->get_bytes(prf, protoid_chunk, NULL); + prf->get_bytes(prf, spi_chunk, NULL); + prf->get_bytes(prf, st->st_ni, NULL); + prf->get_bytes(prf, st->st_nr, keymat_i); + + i += prf_block_size; + if (i >= needed_space) + { + break; + } + + /* more keying material needed: prepare to go around again */ + prf->get_bytes(prf, keymat, NULL); + } + prf->destroy(prf); +} + /* * Produce the new key material of Quick Mode. * RFC 2409 "IKE" section 5.5 * specifies how this is to be done. */ static void compute_proto_keymat(struct state *st, u_int8_t protoid, - struct ipsec_proto_info *pi) + struct ipsec_proto_info *pi, enum endpoint ep) { size_t needed_len = 0; /* bytes of keying material needed */ 
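Review bot: In `compute_keymat_internal` neither `lib->crypto->create_prf(lib->crypto, prf_alg)` nor `malloc(needed_space)` is checked. `prf->set_key(prf, st->st_skeyid_d)` dereferences the first result at once, and the loop writes PRF output through `*keymat_out`. A NULL from either call (no PRF registered for the negotiated hash, or allocation failure) would crash the daemon during Quick Mode processing instead of failing the exchange. Since the function returns `void`, the fix is to make it return `bool`, add `if (!prf) { return FALSE; }` plus a matching check on the allocation, and have compute_proto_keymat propagate the result. Separately, `replace(*keymat_out, ...)` presumably frees the previous buffer without wiping it (the macro is defined outside the hunk), which is worth confirming given that this change introduces `wipe_keymats`.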
@@ -2833,82 +2887,57 @@ static void compute_proto_keymat(struct state *st, u_int8_t protoid, pi->keymat_len = needed_len; - /* Allocate space for the keying material. Although only needed_len bytes - * are desired, we must round up to a multiple of hash_size - * so that our buffer isn't overrun. - */ + if (ep & EP_LOCAL) { - size_t needed_space; /* space needed for keying material (rounded up) */ - size_t i, prf_block_size; - chunk_t protoid_chunk = chunk_from_thing(protoid); - chunk_t spi_our = chunk_from_thing(pi->our_spi); - chunk_t spi_peer = chunk_from_thing(pi->attrs.spi); - pseudo_random_function_t prf_alg; - prf_t *prf_our, *prf_peer; - - prf_alg = oakley_to_prf(st->st_oakley.hash); - prf_our = lib->crypto->create_prf(lib->crypto, prf_alg); - prf_peer = lib->crypto->create_prf(lib->crypto, prf_alg); - prf_our->set_key(prf_our, st->st_skeyid_d); - prf_peer->set_key(prf_peer, st->st_skeyid_d); - prf_block_size = prf_our->get_block_size(prf_our); - - needed_space = needed_len + pad_up(needed_len, prf_block_size); - replace(pi->our_keymat, malloc(needed_space)); - replace(pi->peer_keymat, malloc(needed_space)); - - for (i = 0;; ) - { - char *keymat_i_our = pi->our_keymat + i; - char *keymat_i_peer = pi->peer_keymat + i; - chunk_t keymat_our = { keymat_i_our, prf_block_size }; - chunk_t keymat_peer = { keymat_i_peer, prf_block_size }; - - if (st->st_shared.ptr != NULL) - { - /* PFS: include the g^xy */ - prf_our->get_bytes(prf_our, st->st_shared, NULL); - prf_peer->get_bytes(prf_peer, st->st_shared, NULL); - } - prf_our->get_bytes(prf_our, protoid_chunk, NULL); - prf_peer->get_bytes(prf_peer, protoid_chunk, NULL); - - prf_our->get_bytes(prf_our, spi_our, NULL); - prf_peer->get_bytes(prf_peer, spi_peer, NULL); - - prf_our->get_bytes(prf_our, st->st_ni, NULL); - prf_peer->get_bytes(prf_peer, st->st_ni, NULL); - - prf_our->get_bytes(prf_our, st->st_nr, keymat_i_our); - prf_peer->get_bytes(prf_peer, st->st_nr, keymat_i_peer); + compute_keymat_internal(st, protoid, 
pi->our_spi, needed_len, + &pi->our_keymat); + DBG(DBG_CRYPT, + DBG_dump("KEYMAT computed:\n", pi->our_keymat, + pi->keymat_len)); + } + if (ep & EP_REMOTE) + { + compute_keymat_internal(st, protoid, pi->attrs.spi, needed_len, + &pi->peer_keymat); + DBG(DBG_CRYPT, + DBG_dump("Peer KEYMAT computed:\n", pi->peer_keymat, + pi->keymat_len)); + } +} - i += prf_block_size; - if (i >= needed_space) - { - break; - } +static void compute_keymats(struct state *st, enum endpoint ep) +{ + if (st->st_ah.present) + { + compute_proto_keymat(st, PROTO_IPSEC_AH, &st->st_ah, ep); + } + if (st->st_esp.present) + { + compute_proto_keymat(st, PROTO_IPSEC_ESP, &st->st_esp, ep); + } +} - /* more keying material needed: prepare to go around again */ - prf_our->get_bytes(prf_our, keymat_our, NULL); - prf_peer->get_bytes(prf_peer, keymat_peer, NULL); - } - prf_our->destroy(prf_our); - prf_peer->destroy(prf_peer); +static void wipe_proto_keymat(struct ipsec_proto_info *pi, enum endpoint ep) +{ + if (ep & EP_LOCAL) + { + memwipe(pi->our_keymat, pi->keymat_len); + } + if (ep & EP_REMOTE) + { + memwipe(pi->peer_keymat, pi->keymat_len); } - DBG(DBG_CRYPT, - DBG_dump("KEYMAT computed:\n", pi->our_keymat, pi->keymat_len); - DBG_dump("Peer KEYMAT computed:\n", pi->peer_keymat, pi->keymat_len)); } -static void compute_keymats(struct state *st) +static void wipe_keymats(struct state *st, enum endpoint ep) { if (st->st_ah.present) { - compute_proto_keymat(st, PROTO_IPSEC_AH, &st->st_ah); + wipe_proto_keymat(&st->st_ah, ep); } if (st->st_esp.present) { - compute_proto_keymat(st, PROTO_IPSEC_ESP, &st->st_esp); + wipe_proto_keymat(&st->st_esp, ep); } } @@ -3824,7 +3853,7 @@ main_id_and_auth(struct msg_digest *md case XAUTHInitRSA: case XAUTHRespRSA: r = check_signature(KEY_RSA, peer, st, hash, - &md->chain[ISAKMP_NEXT_SIG]->pbs, + &md->chain[ISAKMP_NEXT_SIG]->pbs, #ifdef USE_KEYRR kc == NULL ? NULL : kc->ac.keys_from_dns, #endif /* USE_KEYRR */ 
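Review bot: wipe_proto_keymat clears only `pi->keymat_len` bytes, but compute_keymat_internal (previous hunk) allocates and fills `needed_space` bytes, the length rounded up to the PRF block size, so the tail of the PRF output keyed with SKEYID_d stays in the heap after the wipe. A one-line fix in compute_keymat_internal, just before `prf->destroy(prf);`, zeroes that tail at creation time: `memwipe(*keymat_out + needed_len, needed_space - needed_len);`. It is also worth a comment on wipe_proto_keymat that the buffers stay allocated and zeroed rather than freed, and that it expects the matching compute call to have run, since `memwipe` is handed the pointer unchecked.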
@@ -4975,6 +5004,7 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, /* now that we are sure of our connection, create our new state */ { + enum endpoint ep = EP_LOCAL; struct state *const st = duplicate_state(p1st); /* first: fill in missing bits of our new state object @@ -5152,7 +5182,7 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, , st, &st->st_msgid, TRUE); /* Derive new keying material */ - compute_keymats(st); + compute_keymats(st, ep); /* Tell the kernel to establish the new inbound SA * (unless the commit bit is set -- which we don't support). @@ -5161,8 +5191,10 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, */ if (!install_inbound_ipsec_sa(st)) { + wipe_keymats(st, ep); return STF_INTERNAL_ERROR; /* ??? we may be partly committed */ } + wipe_keymats(st, ep); /* encrypt message, except for fixed part of header */ @@ -5206,6 +5238,7 @@ static void dpd_init(struct state *st) */ stf_status quick_inR1_outI2(struct msg_digest *md) { + enum endpoint ep = EP_LOCAL | EP_REMOTE; struct state *const st = md->st; const connection_t *c = st->st_connection; @@ -5325,7 +5358,7 @@ stf_status quick_inR1_outI2(struct msg_digest *md) } /* Derive new keying material */ - compute_keymats(st); + compute_keymats(st, ep); /* Tell the kernel to establish the inbound, outbound, and routing part * of the new SA (unless the commit bit is set -- which we don't support). @@ -5334,8 +5367,10 @@ stf_status quick_inR1_outI2(struct msg_digest *md) */ if (!install_ipsec_sa(st, TRUE)) { + wipe_keymats(st, ep); return STF_INTERNAL_ERROR; } + wipe_keymats(st, ep); /* encrypt message, except for fixed part of header */ 
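Review bot: `wipe_keymats(st, ep)` is written twice around each install call, once inside the failure branch and once after it, in quick_inI1_outR1_tail and quick_inR1_outI2 here and again in quick_inI2 in the following hunks. Capturing the result first leaves a single wipe that cannot be skipped when another exit path is added later: `bool ok = install_inbound_ipsec_sa(st); wipe_keymats(st, ep); if (!ok) return STF_INTERNAL_ERROR;`. A comment next to the `ep` declarations saying which side's keys each state derives (`EP_LOCAL` for the inbound SA, `EP_REMOTE` for the outbound one) would also help. All three functions start and end outside the hunks.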
@@ -5374,12 +5409,16 @@ stf_status quick_inR1_outI2(struct msg_digest *md) */ stf_status quick_inI2(struct msg_digest *md) { + enum endpoint ep = EP_REMOTE; struct state *const st = md->st; /* HASH(3) in */ CHECK_QUICK_HASH(md, quick_mode_hash3(hash_val, st) , "HASH(3)", "Quick I2"); + /* Derive keying material */ + compute_keymats(st, ep); + /* Tell the kernel to establish the outbound and routing part of the new SA * (the previous state established inbound) * (unless the commit bit is set -- which we don't support). @@ -5388,8 +5427,11 @@ stf_status quick_inI2(struct msg_digest *md) */ if (!install_ipsec_sa(st, FALSE)) { + wipe_keymats(st, ep); return STF_INTERNAL_ERROR; } + wipe_keymats(st, ep); + DBG(DBG_CONTROLMORE, DBG_log("inI2: instance %s[%ld], setting newest_ipsec_sa to #%ld (was #%ld) (spd.eroute=#%ld)" , st->st_connection->name @@ -5851,6 +5893,7 @@ dpd_timeout(struct state *st) /* caching the connection name before deletion */ strncpy(cname, c->name, BUF_LEN); + cname[BUF_LEN-1] = '\0'; if (c->kind == CK_INSTANCE) { diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c index 7d54b9e8e..8bed1fcfc 100644 --- a/src/pluto/kernel.c +++ b/src/pluto/kernel.c @@ -1183,13 +1183,9 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) if (hydra->kernel_interface->add_sa(hydra->kernel_interface, host_src, host_dst, ipcomp_spi, said_next->proto, c->spd.reqid, -<<<<<<< HEAD - mark, <_none, ENCR_UNDEFINED, chunk_empty, -======= mark, 0, <_none, ENCR_UNDEFINED, chunk_empty, ->>>>>>> upstream/4.5.1 AUTH_UNDEFINED, chunk_empty, mode, - st->st_ipcomp.attrs.transid, 0 /* cpi */, FALSE, + st->st_ipcomp.attrs.transid, 0 /* cpi */, FALSE, FALSE, inbound, NULL, NULL) != SUCCESS) { goto fail; 
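Review bot: The added `cname[BUF_LEN-1] = '\0';` repairs the missing terminator in dpd_timeout, but the copy is still safe only as long as these two lines stay together, and `strncpy` pads the rest of the buffer for no benefit. Assuming `cname` is declared as `char cname[BUF_LEN]` outside the hunk, `snprintf(cname, sizeof(cname), "%s", c->name);` does the bounded copy and the termination in one call. dpd_timeout's body continues outside the hunk.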
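Review bot: The two arguments added to this `add_sa()` call are bare literals (a `0` after `mark`, a second `FALSE` before `inbound`), while the neighbouring `0 /* cpi */` is labelled. In a call with this many positional parameters a misplaced integer or boolean compiles silently, so they should be labelled the same way, e.g. `mark, 0 /* tfc */,` and `FALSE /* esn */, inbound`; those two names are my reading of the 4.5.1 kernel interface and should be checked against its header. The same applies to the ESP and AH calls in the next two kernel.c hunks.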
@@ -1296,13 +1292,9 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) if (hydra->kernel_interface->add_sa(hydra->kernel_interface, host_src, host_dst, esp_spi, said_next->proto, c->spd.reqid, -<<<<<<< HEAD - mark, <_none, enc_alg, enc_key, -======= mark, 0, <_none, enc_alg, enc_key, ->>>>>>> upstream/4.5.1 auth_alg, auth_key, mode, IPCOMP_NONE, 0 /* cpi */, - encap, inbound, NULL, NULL) != SUCCESS) + encap, FALSE, inbound, NULL, NULL) != SUCCESS) { goto fail; } @@ -1333,13 +1325,9 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) if (hydra->kernel_interface->add_sa(hydra->kernel_interface, host_src, host_dst, ah_spi, said_next->proto, c->spd.reqid, -<<<<<<< HEAD - mark, <_none, ENCR_UNDEFINED, chunk_empty, -======= mark, 0, <_none, ENCR_UNDEFINED, chunk_empty, ->>>>>>> upstream/4.5.1 auth_alg, auth_key, mode, IPCOMP_NONE, 0 /* cpi */, - FALSE, inbound, NULL, NULL) != SUCCESS) + FALSE, FALSE, inbound, NULL, NULL) != SUCCESS) { goto fail; } diff --git a/src/pluto/kernel_alg.c b/src/pluto/kernel_alg.c index 41155c619..eab2a8f06 100644 --- a/src/pluto/kernel_alg.c +++ b/src/pluto/kernel_alg.c @@ -397,13 +397,6 @@ struct sadb_alg* kernel_alg_esp_sadb_alg(u_int alg_id) return sadb_alg; } -<<<<<<< HEAD -void kernel_alg_list(void) -{ - char buf[BUF_LEN]; - char *pos; - int n, len; -======= /** * Print the name of a kernel algorithm */ @@ -411,7 +404,7 @@ static void print_alg(char *buf, int *len, enum_names *alg_names, int alg_type) { char alg_name[BUF_LEN]; int alg_name_len; - + alg_name_len = sprintf(alg_name, " %s", enum_name(alg_names, alg_type)); if (*len + alg_name_len > CRYPTO_MAX_ALG_LINE) { 
@@ -426,71 +419,33 @@ void kernel_alg_list(void) { char buf[BUF_LEN]; int len; ->>>>>>> upstream/4.5.1 u_int sadb_id; whack_log(RC_COMMENT, " "); whack_log(RC_COMMENT, "List of registered ESP Algorithms:"); whack_log(RC_COMMENT, " "); -<<<<<<< HEAD - pos = buf; - *pos = '\0'; - len = BUF_LEN; -======= len = sprintf(buf, " encryption:"); ->>>>>>> upstream/4.5.1 for (sadb_id = 1; sadb_id <= SADB_EALG_MAX; sadb_id++) { if (ESP_EALG_PRESENT(sadb_id)) { -<<<<<<< HEAD - n = snprintf(pos, len, " %s", - enum_name(&esp_transform_names, sadb_id)); - pos += n; - len -= n; - if (len <= 0) - { - break; - } - } - } - whack_log(RC_COMMENT, " encryption:%s", buf); - - pos = buf; - *pos = '\0'; - len = BUF_LEN; -======= print_alg(buf, &len, &esp_transform_names, sadb_id); } } whack_log(RC_COMMENT, "%s", buf); len = sprintf(buf, " integrity: "); ->>>>>>> upstream/4.5.1 for (sadb_id = 1; sadb_id <= SADB_AALG_MAX; sadb_id++) { if (ESP_AALG_PRESENT(sadb_id)) { u_int aaid = alg_info_esp_sadb2aa(sadb_id); -<<<<<<< HEAD - n = snprintf(pos, len, " %s", enum_name(&auth_alg_names, aaid)); - pos += n; - len -= n; - if (len <= 0) - { - break; - } - } - } - whack_log(RC_COMMENT, " integrity: %s", buf); -======= print_alg(buf, &len, &auth_alg_names, aaid); } } whack_log(RC_COMMENT, "%s", buf); ->>>>>>> upstream/4.5.1 } void kernel_alg_show_connection(connection_t *c, const char *instance) @@ -678,12 +633,11 @@ static bool kernel_alg_db_add(struct db_context *db_ctx, * malloced pointer (this quirk allows easier spdb.c change) */ struct db_context* kernel_alg_db_new(struct alg_info_esp *alg_info, - lset_t policy ) + lset_t policy) { const struct esp_info *esp_info; struct esp_info tmp_esp_info; struct db_context *ctx_new = NULL; - struct db_prop *prop; u_int trans_cnt = esp_ealg_num * esp_aalg_num; if (!(policy & POLICY_ENCRYPT)) /* not possible, I think */ 
@@ -704,7 +658,6 @@ struct db_context* kernel_alg_db_new(struct alg_info_esp *alg_info, kernel_alg_db_add(ctx_new, &tmp_esp_info, policy); } } - prop = db_prop_get(ctx_new); return ctx_new; } diff --git a/src/pluto/keys.c b/src/pluto/keys.c index e2c52fab0..4b0e08791 100644 --- a/src/pluto/keys.c +++ b/src/pluto/keys.c @@ -494,7 +494,6 @@ static err_t process_rsa_secret(private_key_t **key) if (ugh) { ugh = builddiag("RSA data malformed (%s): %s", ugh, tok); - part++; goto end; } rsa_chunk[part] = chunk_create(buf, sz); @@ -902,10 +901,7 @@ static void process_secret(secret_t *s, int whackfd) { loglog(RC_LOG_SERIOUS, "\"%s\" line %d: %s" , flp->filename, flp->lino, ugh); -<<<<<<< HEAD -======= s->ids->destroy_offset(s->ids, offsetof(identification_t, destroy)); ->>>>>>> upstream/4.5.1 free(s); } else if (flushline("expected record boundary in key")) @@ -1014,16 +1010,11 @@ static void process_secret_records(int whackfd) if (!shift()) { /* unexpected Record Boundary or EOF */ -<<<<<<< HEAD - loglog(RC_LOG_SERIOUS, "\"%s\" line %d: unexpected end of id list" - , flp->filename, flp->lino); -======= loglog(RC_LOG_SERIOUS, "\"%s\" line %d: unexpected end" " of id list", flp->filename, flp->lino); s->ids->destroy_offset(s->ids, offsetof(identification_t, destroy)); free(s); ->>>>>>> upstream/4.5.1 break; } } diff --git a/src/pluto/log.c b/src/pluto/log.c index 6e70898a5..c5f1776ec 100644 --- a/src/pluto/log.c +++ b/src/pluto/log.c @@ -337,16 +337,16 @@ open_peerlog(connection_t *c) /* copy IP address, turning : and . into / */ { - char c, *p, *q; + char ch, *p, *q; p = peername; q = dname; do { - c = *p++; - if (c == '.' || c == ':') - c = '/'; - *q++ = c; - } while (c != '\0'); + ch = *p++; + if (ch == '.' || ch == ':') + ch = '/'; + *q++ = ch; + } while (ch != '\0'); } lf_len = peernamelen * 2 
@@ -834,7 +834,8 @@ DBG_dump(const char *label, const void *p, size_t len) static void show_loaded_plugins() { - char buf[BUF_LEN], *plugin; + char buf[BUF_LEN]; + plugin_t *plugin; int len = 0; enumerator_t *enumerator; @@ -842,7 +843,7 @@ static void show_loaded_plugins() enumerator = lib->plugins->create_plugin_enumerator(lib->plugins); while (len < BUF_LEN && enumerator->enumerate(enumerator, &plugin)) { - len += snprintf(&buf[len], BUF_LEN-len, "%s ", plugin); + len += snprintf(&buf[len], BUF_LEN-len, "%s ", plugin->get_name(plugin)); } enumerator->destroy(enumerator); whack_log(RC_COMMENT, "loaded plugins: %s", buf); diff --git a/src/pluto/modecfg.c b/src/pluto/modecfg.c index a2acce23a..8298ea601 100644 --- a/src/pluto/modecfg.c +++ b/src/pluto/modecfg.c @@ -120,9 +120,10 @@ static void get_attributes(connection_t *c, linked_list_t *ca_list) int family; family = (ca->type == INTERNAL_IP4_ADDRESS) ? AF_INET : AF_INET6; + DESTROY_IF(requested_vip); requested_vip = (ca->value.len) ? host_create_from_chunk(family, ca->value, 0) : - host_create_any(family); + host_create_any(family); plog("peer requested virtual IP %H", requested_vip); break; } @@ -166,7 +167,7 @@ static void get_attributes(connection_t *c, linked_list_t *ca_list) requested_vip->destroy(requested_vip); /* if we have a virtual IP address - send it */ - if (!c->spd.that.host_srcip->is_anyaddr(c->spd.that.host_srcip)) + if (!c->spd.that.host_srcip->is_anyaddr(c->spd.that.host_srcip)) { vip = c->spd.that.host_srcip; plog("assigning virtual IP %H to peer", vip); @@ -179,7 +180,7 @@ static void get_attributes(connection_t *c, linked_list_t *ca_list) /* set the remote client subnet to virtual IP */ c->spd.that.client.addr = *(ip_address*)vip->get_sockaddr(vip); - c->spd.that.client.maskbits = (family == AF_INET) ? 32 : 128; + c->spd.that.client.maskbits = (family == AF_INET) ? 32 : 128; c->spd.that.has_client = TRUE; } 
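Review bot: In the modecfg.c get_attributes hunk, `requested_vip` can end up NULL after the assignment: as far as I recall `host_create_from_chunk()` returns NULL when the value length does not fit the address family, and `ca->value` comes straight from the peer's attribute payload. The context of the following hunk shows an unconditional `requested_vip->destroy(requested_vip)`, so unless code outside these hunks checks the pointer, a malformed address attribute ends in a NULL dereference in the daemon. A fallback right after the assignment keeps the existing flow: `if (!requested_vip) requested_vip = host_create_any(family);`. get_attributes starts and ends outside the hunk.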
@@ -264,8 +265,8 @@ static bool set_attributes(connection_t *c, linked_list_t *ca_list) setportof(0, &c->spd.this.client.addr); c->spd.this.has_client = TRUE; - vip_set = TRUE; - } + vip_set = TRUE; + } continue; case APPLICATION_VERSION: #ifdef CISCO_QUIRKS @@ -420,7 +421,7 @@ static stf_status modecfg_build_msg(struct state *st, pb_stream *rbody, } enumerator->destroy(enumerator); close_output_pbs(&strattr); - + modecfg_hash(r_hashval, r_hash_start, rbody->cur, st); close_message(rbody); encrypt_message(rbody, st); @@ -653,7 +654,7 @@ static stf_status modecfg_parse_msg(struct msg_digest *md, int isama_type, ca_list->destroy_function(ca_list, (void*)modecfg_attribute_destroy); return stat; } - + /* discard the parsed attributes and look for another payload */ while (ca_list->remove_last(ca_list, (void **)&ca) == SUCCESS) {} } @@ -670,7 +671,7 @@ stf_status modecfg_send_request(struct state *st) { connection_t *c = st->st_connection; stf_status stat; - modecfg_attribute_t *ca; + modecfg_attribute_t *ca; enumerator_t *enumerator; int family; chunk_t value; @@ -685,7 +686,7 @@ stf_status modecfg_send_request(struct state *st) value); ca_list->insert_last(ca_list, ca); - register_attribute_handlers(c); + register_attribute_handlers(c); enumerator = c->requested->create_enumerator(c->requested); while (enumerator->enumerate(enumerator, &ca)) { @@ -800,7 +801,7 @@ stf_status modecfg_send_set(struct state *st) * Used in ModeCfg push mode on the client (initiator) * called in demux.c from STATE_MODE_CFG_I0 * client <- CFG_SET - * client -> CFG_ACK + * client -> CFG_ACK * STF_OK transitions to STATE_MODE_CFG_I3 */ stf_status modecfg_inI0(struct msg_digest *md) @@ -865,7 +866,7 @@ stf_status modecfg_inI0(struct msg_digest *md) /** * Used in ModeCfg push mode on the server (responder) * called in demux.c from STATE_MODE_CFG_R3 - * server <- CFG_ACK + * server <- CFG_ACK * STF_OK transitions to STATE_MODE_CFG_R4 */ stf_status modecfg_inR3(struct msg_digest *md) 
@@ -1140,7 +1141,7 @@ stf_status xauth_inR1(struct msg_digest *md) xauth_user_name.ptr) ) DESTROY_IF(c->xauth_identity); - c->xauth_identity = identification_create_from_data(xauth_user_name); + c->xauth_identity = identification_create_from_data(xauth_user_name); DBG(DBG_PRIVATE, DBG_log("peer xauth user password is '%.*s'", xauth_user_password.len, diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c index 14e5cbb96..f5ee07398 100644 --- a/src/pluto/ocsp.c +++ b/src/pluto/ocsp.c @@ -192,7 +192,7 @@ static const asn1Object_t basicResponseObjects[] = { { 5, "critical", ASN1_BOOLEAN, ASN1_BODY | ASN1_DEF }, /* 16 */ { 5, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 17 */ - { 4, "end loop", ASN1_EOC, ASN1_END }, /* 18 */ + { 3, "end loop", ASN1_EOC, ASN1_END }, /* 18 */ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 19 */ { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 20 */ { 1, "signature", ASN1_BIT_STRING, ASN1_BODY }, /* 21 */ @@ -1045,13 +1045,8 @@ static bool valid_ocsp_response(response_t *res) ) /* check path length constraint */ -<<<<<<< HEAD - pathlen_constraint = x509->get_pathLenConstraint(x509); - if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT && -======= pathlen_constraint = x509->get_constraint(x509, X509_PATH_LEN); if (pathlen_constraint != X509_NO_CONSTRAINT && ->>>>>>> upstream/4.5.1 pathlen > pathlen_constraint) { plog("path length of %d violates constraint of %d", diff --git a/src/pluto/plugins/xauth/Makefile.in b/src/pluto/plugins/xauth/Makefile.in index 793a0e88d..3ae6ea12b 100644 --- a/src/pluto/plugins/xauth/Makefile.in +++ b/src/pluto/plugins/xauth/Makefile.in @@ -218,13 +218,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -245,6 +239,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -263,14 +259,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/pluto/plugins/xauth/xauth_plugin.c b/src/pluto/plugins/xauth/xauth_plugin.c index 74e16eacd..bfc4820ed 100644 --- a/src/pluto/plugins/xauth/xauth_plugin.c +++ b/src/pluto/plugins/xauth/xauth_plugin.c @@ -18,10 +18,15 @@ #include "xauth_plugin.h" #include "xauth_default_provider.h" #include "xauth_default_verifier.h" -/** - * Implementation of plugin_t.destroy - */ -static void destroy(xauth_plugin_t *this) + +METHOD(plugin_t, get_name, char*, + xauth_plugin_t *this) +{ + return "xauth"; +} + +METHOD(plugin_t, destroy, void, + xauth_plugin_t *this) { free(this); } @@ -31,9 +36,15 @@ static void destroy(xauth_plugin_t *this) */ plugin_t *xauth_plugin_create() { - xauth_plugin_t *this = malloc_thing(xauth_plugin_t); + xauth_plugin_t *this; - this->plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + ); pluto->xauth->add_provider(pluto->xauth, xauth_default_provider_create()); pluto->xauth->add_verifier(pluto->xauth, xauth_default_verifier_create()); diff --git a/src/pluto/pluto.8 b/src/pluto/pluto.8 index 1efb1a6f7..9ac537bd9 100644 --- a/src/pluto/pluto.8 +++ b/src/pluto/pluto.8 
@@ -1,14 +1,8 @@ .TH IPSEC_PLUTO 8 "28 March 1999" .SH NAME -<<<<<<< HEAD -ipsec pluto \- IPsec IKE keying daemon -.br -ipsec whack \- control interface for IPSEC keying daemon -======= pluto \- IPsec IKE keying daemon and control interface .PP whack \- control interface for IKE keying daemon ->>>>>>> upstream/4.5.1 .SH SYNOPSIS .na .nh @@ -1015,11 +1009,7 @@ specifies the name of the operation to be performed \fBup-host\fP, \fBup-client\fP, \fBdown-host\fP, or \fBdown-client\fP). If the address family for security gateway to security gateway communications is IPv6, then -<<<<<<< HEAD -a suffix of -v6 is added to the verb. -======= a suffix of \-v6 is added to the verb. ->>>>>>> upstream/4.5.1 .TP \fBPLUTO_CONNECTION\fP is the name of the connection for which we are routing. @@ -1581,11 +1571,7 @@ rejected with ECONNREFUSED (kernel supplied no details)''. John Denker suggests that this command is useful for tracking down the source of these problems: .br -<<<<<<< HEAD - tcpdump -i eth0 icmp[0] != 8 and icmp[0] != 0 -======= tcpdump \-i eth0 icmp[0] != 8 and icmp[0] != 0 ->>>>>>> upstream/4.5.1 .br Substitute your public interface for eth0 if it is different. .LP diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c index 627176c1b..309bde649 100644 --- a/src/pluto/plutomain.c +++ b/src/pluto/plutomain.c @@ -239,7 +239,8 @@ options_t *options; */ static void print_plugins() { - char buf[BUF_LEN], *plugin; + char buf[BUF_LEN]; + plugin_t *plugin; int len = 0; enumerator_t *enumerator; @@ -247,7 +248,7 @@ static void print_plugins() enumerator = lib->plugins->create_plugin_enumerator(lib->plugins); while (len < BUF_LEN && enumerator->enumerate(enumerator, &plugin)) { - len += snprintf(&buf[len], BUF_LEN-len, "%s ", plugin); + len += snprintf(&buf[len], BUF_LEN-len, "%s ", plugin->get_name(plugin)); } enumerator->destroy(enumerator); DBG1(DBG_DMN, "loaded plugins: %s", buf); diff --git a/src/pluto/spdb.c b/src/pluto/spdb.c index 2ed07bdfc..48585432b 100644 
--- a/src/pluto/spdb.c +++ b/src/pluto/spdb.c @@ -591,7 +591,7 @@ static u_int32_t decode_long_duration(pb_stream *pbs) if (pbs_left(pbs) > sizeof(val)) { /* "clamp" too large value to max representable value */ - val -= 1; /* portable way to get to maximum value */ + val = UINT32_MAX; DBG(DBG_PARSING, DBG_log(" too large duration clamped to: %lu" , (unsigned long)val)); } @@ -881,7 +881,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit, lset_t seen_attrs = 0; lset_t seen_durations = 0; u_int16_t life_type = 0; - struct oakley_trans_attrs ta; + struct oakley_trans_attrs ta = { .encrypter = NULL }; err_t ugh = NULL; /* set to diagnostic when problem detected */ /* initialize only optional field in ta */ diff --git a/src/pluto/state.c b/src/pluto/state.c index 3639f944d..e4234bc87 100644 --- a/src/pluto/state.c +++ b/src/pluto/state.c @@ -166,7 +166,10 @@ static struct state **state_hash(const u_char *icookie, const u_char *rcookie, */ struct state *new_state(void) { - static const struct state blank_state; /* initialized all to zero & NULL */ + /* initialized all to zero & NULL */ + static const struct state blank_state = { + .st_serialno = 0, + }; static so_serial_t next_so = SOS_FIRST; struct state *st; 
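Review bot: `struct oakley_trans_attrs ta = { .encrypter = NULL };` in parse_isakmp_sa_body is there to zero the whole struct, which naming a single field does not make obvious, and the comment right below it, `/* initialize only optional field in ta */`, now describes only part of what happens. A comment on the declaration such as `/* zero all fields; attributes are filled in as they are parsed */` would say so. The function continues outside the hunk.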
@@ -347,19 +350,20 @@ void delete_state(struct state *st) DESTROY_IF(st->st_dh); - free(st->st_tpacket.ptr); - free(st->st_rpacket.ptr); - free(st->st_p1isa.ptr); - free(st->st_gi.ptr); - free(st->st_gr.ptr); - free(st->st_shared.ptr); - free(st->st_ni.ptr); - free(st->st_nr.ptr); - free(st->st_skeyid.ptr); - free(st->st_skeyid_d.ptr); - free(st->st_skeyid_a.ptr); - free(st->st_skeyid_e.ptr); - free(st->st_enc_key.ptr); + chunk_clear(&st->st_tpacket); + chunk_clear(&st->st_rpacket); + chunk_clear(&st->st_p1isa); + chunk_clear(&st->st_gi); + chunk_clear(&st->st_gr); + chunk_clear(&st->st_shared); + chunk_clear(&st->st_ni); + chunk_clear(&st->st_nr); + chunk_clear(&st->st_skeyid); + chunk_clear(&st->st_skeyid_d); + chunk_clear(&st->st_skeyid_a); + chunk_clear(&st->st_skeyid_e); + chunk_clear(&st->st_enc_key); + free(st->st_ah.our_keymat); free(st->st_ah.peer_keymat); free(st->st_esp.our_keymat); diff --git a/src/pluto/x509.c b/src/pluto/x509.c index b76f02845..7e2aca862 100644 --- a/src/pluto/x509.c +++ b/src/pluto/x509.c @@ -255,13 +255,8 @@ bool verify_x509cert(cert_t *cert, bool strict, time_t *until) unlock_authcert_list("verify_x509cert"); /* check path length constraint */ -<<<<<<< HEAD - pathlen_constraint = x509->get_pathLenConstraint(x509); - if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT && -======= pathlen_constraint = x509->get_constraint(x509, X509_PATH_LEN); if (pathlen_constraint != X509_NO_CONSTRAINT && ->>>>>>> upstream/4.5.1 pathlen > pathlen_constraint) { plog("path length of %d violates constraint of %d", @@ -455,13 +450,8 @@ void list_x509cert_chain(const char *caption, cert_t* cert, } /* list optional pathLenConstraint */ -<<<<<<< HEAD - pathlen = x509->get_pathLenConstraint(x509); - if (pathlen != X509_NO_PATH_LEN_CONSTRAINT) -======= pathlen = x509->get_constraint(x509, X509_PATH_LEN); if (pathlen != X509_NO_CONSTRAINT) ->>>>>>> upstream/4.5.1 { whack_log(RC_COMMENT, " pathlen: %d", pathlen); } 
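Review bot: The keymat buffers at the end of this delete_state hunk (`st->st_ah.our_keymat`, `st->st_ah.peer_keymat`, `st->st_esp.our_keymat`) are still released with plain `free()`, while less sensitive chunks such as `st_tpacket` now go through `chunk_clear()`. They are normally zeroed by wipe_keymats once the SA is installed, but delete_state is the common cleanup for every state, so wiping here as well is the safer default: `if (st->st_ah.our_keymat) memwipe(st->st_ah.our_keymat, st->st_ah.keymat_len);` before each free, and the same for the other buffers. delete_state continues outside the hunk.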
diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in index 880715697..9f8ac874e 100644 --- a/src/scepclient/Makefile.in +++ b/src/scepclient/Makefile.in @@ -228,13 +228,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -255,6 +249,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -273,14 +269,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/scepclient/scepclient.8 b/src/scepclient/scepclient.8 index d717ba309..72750e155 100644 --- a/src/scepclient/scepclient.8 +++ b/src/scepclient/scepclient.8 @@ -239,20 +239,12 @@ Log raw hex dumps. .PP .B \-C, \-\-debug\-control .RS 4 -<<<<<<< HEAD -Log informations about control flow. -======= Log information about control flow. ->>>>>>> upstream/4.5.1 .RE .PP .B \-M, \-\-debug\-controlmore .RS 4 -<<<<<<< HEAD -Log more detailed informations about control flow. -======= Log more detailed information about control flow. ->>>>>>> upstream/4.5.1 .RE .PP .B \-X, \-\-debug\-private diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c index 448854acd..d9f6b0925 100644 --- a/src/scepclient/scepclient.c 
+++ b/src/scepclient/scepclient.c @@ -279,14 +279,15 @@ usage(const char *message) */ static void print_plugins() { - char buf[BUF_LEN], *plugin; + char buf[BUF_LEN]; + plugin_t *plugin; int len = 0; enumerator_t *enumerator; enumerator = lib->plugins->create_plugin_enumerator(lib->plugins); while (len < BUF_LEN && enumerator->enumerate(enumerator, &plugin)) { - len += snprintf(&buf[len], BUF_LEN-len, "%s ", plugin); + len += snprintf(&buf[len], BUF_LEN-len, "%s ", plugin->get_name(plugin)); } enumerator->destroy(enumerator); DBG1(DBG_LIB, " loaded plugins: %s", buf); @@ -1019,6 +1020,7 @@ int main(int argc, char **argv) */ if (filetype_out & CERT) { + bool stored = FALSE; certificate_t *cert; enumerator_t *enumerator; char *path = concatenate_paths(CA_CERT_PATH, file_in_cacert_sig); @@ -1128,7 +1130,6 @@ int main(int argc, char **argv) enumerator = certs->create_enumerator(certs); while (enumerator->enumerate(enumerator, &cert)) { - bool stored = FALSE; x509_t *x509 = (x509_t*)cert; if (!(x509->get_flags(x509) & X509_CA)) diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am index 29cdccbed..f05aeca22 100644 --- a/src/starter/Makefile.am +++ b/src/starter/Makefile.am @@ -25,10 +25,6 @@ AM_CFLAGS = \ starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB) EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf -<<<<<<< HEAD -dist_man_MANS = starter.8 -======= ->>>>>>> upstream/4.5.1 MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c PLUTODIR=$(top_srcdir)/src/pluto 
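Review bot: `buf` is never initialised in scepclient's print_plugins, so when the enumerator yields no plugin the `DBG1(DBG_LIB, " loaded plugins: %s", buf)` call reads an indeterminate array. Declaring it as `char buf[BUF_LEN] = "";` fixes that. A short comment that `len` may exceed `BUF_LEN` after a truncating `snprintf` and that the `len < BUF_LEN` loop guard is what keeps the next size argument from going negative would also help. The copies of this loop in log.c and plutomain.c are split across two hunks each, so whether they initialise `buf` cannot be seen here.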
@@ -62,18 +58,6 @@ defs.o: $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h $(COMPILE) -c -o $@ $(PLUTODIR)/defs.c install-exec-local : -<<<<<<< HEAD - test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true - test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true -======= test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true 
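Review bot: The first install line that survives the conflict resolution reads `$(INSTALL) -o -d "$(DESTDIR)$(sysconfdir)/ipsec.d"`: the `-o` lost its `${ipsecuid}` argument, so `install` will take `-d` as the owner name and fail, and the trailing `|| true` hides the failure. It should read `$(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true` like the lines that follow. With the `-o`/`-g` options dropped from every line, it is also worth confirming that `ipsec.d/private` (mode 750) and the installed configuration files are still readable by the account the daemons run as.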
@@ -84,5 +68,4 @@ install-exec-local : test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true ->>>>>>> upstream/4.5.1 diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index e38324f4a..72adbf7bc 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -39,12 +39,7 @@ ipsec_PROGRAMS = starter$(EXEEXT) @USE_CHARON_TRUE@am__append_2 = -DSTART_CHARON @USE_LOAD_WARNING_TRUE@am__append_3 = -DLOAD_WARNING subdir = src/starter -<<<<<<< HEAD -DIST_COMMON = README $(dist_man_MANS) $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in -======= DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ->>>>>>> upstream/4.5.1 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -60,11 +55,7 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -<<<<<<< HEAD -am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)" -======= am__installdirs = "$(DESTDIR)$(ipsecdir)" ->>>>>>> upstream/4.5.1 PROGRAMS = $(ipsec_PROGRAMS) am_starter_OBJECTS = y.tab.$(OBJEXT) netkey.$(OBJEXT) \ starterwhack.$(OBJEXT) starterstroke.$(OBJEXT) \ 
@@ -93,33 +84,6 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(starter_SOURCES) DIST_SOURCES = $(starter_SOURCES) -<<<<<<< HEAD -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -man8dir = $(mandir)/man8 -NROFF = nroff -MANS = $(dist_man_MANS) -======= ->>>>>>> upstream/4.5.1 ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -242,13 +206,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -269,6 +227,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ 
@@ -287,14 +247,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -324,10 +282,6 @@ AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \ $(am__append_2) $(am__append_3) starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB) EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf -<<<<<<< HEAD -dist_man_MANS = starter.8 -======= ->>>>>>> upstream/4.5.1 MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c PLUTODIR = $(top_srcdir)/src/pluto SCEPCLIENTDIR = $(top_srcdir)/src/scepclient 
@@ -461,47 +415,6 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -<<<<<<< HEAD -install-man8: $(dist_man_MANS) - @$(NORMAL_INSTALL) - test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list=''; test -n "$(man8dir)" || exit 0; \ - { for i in $$list; do echo "$$i"; done; \ - l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ - sed -n '/\.8[a-z]*$$/p'; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ - done | \ - sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ - sed 'N;N;s,\n, ,g' | { \ - list=; while read file base inst; do \ - if test "$$base" = "$$inst"; then list="$$list $$file"; else \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ - fi; \ - done; \ - for i in $$list; do echo "$$i"; done | $(am__base_list) | \ - while read files; do \ - test -z "$$files" || { \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ - done; } - -uninstall-man8: - @$(NORMAL_UNINSTALL) - @list=''; test -n "$(man8dir)" || exit 0; \ - files=`{ for i in $$list; do echo "$$i"; done; \ - l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ - test -z "$$files" || { \ - echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -======= ->>>>>>> upstream/4.5.1 ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ 
@@ -556,22 +469,6 @@ distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) -<<<<<<< HEAD - @list='$(MANS)'; if test -n "$$list"; then \ - list=`for p in $$list; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ - if test -n "$$list" && \ - grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ - echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ - grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ - echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ - echo " typically \`make maintainer-clean' will remove them" >&2; \ - exit 1; \ - else :; fi; \ - else :; fi -======= ->>>>>>> upstream/4.5.1 @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -603,15 +500,9 @@ distdir: $(DISTFILES) done check-am: all-am check: check-am -<<<<<<< HEAD -all-am: Makefile $(PROGRAMS) $(MANS) -installdirs: - for dir in "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)"; do \ -======= all-am: Makefile $(PROGRAMS) installdirs: for dir in "$(DESTDIR)$(ipsecdir)"; do \ ->>>>>>> upstream/4.5.1 test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -663,11 +554,7 @@ info: info-am info-am: -<<<<<<< HEAD -install-data-am: install-ipsecPROGRAMS install-man -======= install-data-am: install-ipsecPROGRAMS ->>>>>>> upstream/4.5.1 install-dvi: install-dvi-am @@ -683,11 +570,7 @@ install-info: install-info-am install-info-am: -<<<<<<< HEAD -install-man: install-man8 -======= install-man: ->>>>>>> upstream/4.5.1 install-pdf: install-pdf-am 
@@ -717,13 +600,7 @@ ps: ps-am ps-am: -<<<<<<< HEAD -uninstall-am: uninstall-ipsecPROGRAMS uninstall-man - -uninstall-man: uninstall-man8 -======= uninstall-am: uninstall-ipsecPROGRAMS ->>>>>>> upstream/4.5.1 .MAKE: install-am install-strip @@ -734,22 +611,12 @@ uninstall-am: uninstall-ipsecPROGRAMS install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-exec-local \ install-html install-html-am install-info install-info-am \ -<<<<<<< HEAD - install-ipsecPROGRAMS install-man install-man8 install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-ipsecPROGRAMS \ - uninstall-man uninstall-man8 -======= install-ipsecPROGRAMS install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-ipsecPROGRAMS ->>>>>>> upstream/4.5.1 lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h y.tab.h 
@@ -768,18 +635,6 @@ defs.o: $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h $(COMPILE) -c -o $@ $(PLUTODIR)/defs.c install-exec-local : -<<<<<<< HEAD - test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/certs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/certs" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/acerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/acerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/aacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/aacerts" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true - test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true - test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true -======= test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true 
@@ -790,7 +645,6 @@ install-exec-local : test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true ->>>>>>> upstream/4.5.1 # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/starter/args.c b/src/starter/args.c index 0c1a835ae..4d8003aab 100644 --- a/src/starter/args.c +++ b/src/starter/args.c @@ -239,10 +239,7 @@ static const token_info_t token_info[] = { ARG_MISC, 0, NULL /* KW_MARK */ }, { ARG_MISC, 0, NULL /* KW_MARK_IN */ }, { ARG_MISC, 0, NULL /* KW_MARK_OUT */ }, -<<<<<<< HEAD -======= { ARG_MISC, 0, NULL /* KW_TFC */ }, ->>>>>>> upstream/4.5.1 /* ca section keywords */ { ARG_STR, offsetof(starter_ca_t, name), NULL }, @@ -276,10 +273,7 @@ static const token_info_t token_info[] = { ARG_STR, offsetof(starter_end_t, rsakey), NULL }, { ARG_STR, offsetof(starter_end_t, cert), NULL }, { ARG_STR, offsetof(starter_end_t, cert2), NULL }, -<<<<<<< HEAD -======= { ARG_STR, offsetof(starter_end_t, cert_policy), NULL }, ->>>>>>> upstream/4.5.1 { ARG_ENUM, offsetof(starter_end_t, sendcert), LST_sendcert }, { ARG_STR, offsetof(starter_end_t, ca), NULL }, { ARG_STR, offsetof(starter_end_t, ca2), NULL }, @@ -548,6 +542,7 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base, } } } + /* fall through */ default: return TRUE; } diff --git a/src/starter/confread.c b/src/starter/confread.c index f48843750..1e7daa6a9 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c 
@@ -705,8 +705,6 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg cfg->err++; } break; -<<<<<<< HEAD -======= case KW_TFC: if (streq(kw->value, "%mtu")) { @@ -724,7 +722,6 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg } } break; ->>>>>>> upstream/4.5.1 case KW_KEYINGTRIES: if (streq(kw->value, "%forever")) { diff --git a/src/starter/confread.h b/src/starter/confread.h index ba17d0b9a..4f9c5f7d0 100644 --- a/src/starter/confread.h +++ b/src/starter/confread.h @@ -64,10 +64,7 @@ struct starter_end { char *ca; char *ca2; char *groups; -<<<<<<< HEAD -======= char *cert_policy; ->>>>>>> upstream/4.5.1 char *iface; ip_address addr; u_int ikeport; @@ -129,10 +126,7 @@ struct starter_conn { u_int32_t reqid; mark_t mark_in; mark_t mark_out; -<<<<<<< HEAD -======= u_int32_t tfc; ->>>>>>> upstream/4.5.1 sa_family_t addr_family; sa_family_t tunnel_addr_family; bool install_policy; diff --git a/src/starter/interfaces.c b/src/starter/interfaces.c index ef26cdce5..4a2ae0a57 100644 --- a/src/starter/interfaces.c +++ b/src/starter/interfaces.c @@ -153,6 +153,7 @@ get_defaultroute(defaultroute_t *defaultroute) } strncpy(defaultroute->iface, req.ifr_name, IFNAMSIZ); + defaultroute->iface[IFNAMSIZ-1] = '\0'; defaultroute->addr.u.v4 = *((struct sockaddr_in *) &req.ifr_addr); defaultroute->nexthop.u.v4.sin_family = AF_INET; diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c index f8aa5e6a9..e88939415 100644 --- a/src/starter/invokecharon.c +++ b/src/starter/invokecharon.c @@ -147,7 +147,7 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb) char *pos = cfg->setup.charondebug; char *buf_pos = buffer; - while (pos && sscanf(pos, "%4s %d,", type, &level) == 2) + while (pos && sscanf(pos, "%3s %d,", type, &level) == 2) { snprintf(buf_pos, buffer + sizeof(buffer) - buf_pos, "--debug-%s", type); arg[argc++] = buf_pos; 
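Review bot: The added `defaultroute->iface[IFNAMSIZ-1] = '\0';` in get_defaultroute has no comment saying why it is needed or what it assumes about the destination. The declaration of `iface` is outside this hunk, so the write is in bounds only if that field is at least IFNAMSIZ bytes long. A comment such as `/* strncpy() leaves iface unterminated when ifr_name fills all IFNAMSIZ bytes; iface must be at least IFNAMSIZ long */` records both facts for the next reader. The function starts and ends outside the hunk.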
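Review bot: The field width in `sscanf(pos, "%3s %d,", type, &level)` is a literal that must stay one less than the size of `type`, whose declaration is outside this hunk, and nothing here ties the two together. A comment on the loop such as `/* %3s: type[] must hold 3 characters plus the terminating NUL */` would keep a later edit from reintroducing the one-byte overrun this change appears to fix. The same loop stores into `arg[argc++]` for every entry parsed from `cfg->setup.charondebug`, with no limit visible in the hunk. If the rest of the loop has none, it needs a check against the capacity of `arg` before the store. starter_start_charon continues outside the hunk.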
diff --git a/src/starter/keywords.c b/src/starter/keywords.c index 78c243f7e..340b7131d 100644 --- a/src/starter/keywords.c +++ b/src/starter/keywords.c @@ -54,21 +54,12 @@ struct kw_entry { kw_token_t token; }; -<<<<<<< HEAD -#define TOTAL_KEYWORDS 127 -#define MIN_WORD_LENGTH 3 -#define MAX_WORD_LENGTH 17 -#define MIN_HASH_VALUE 12 -#define MAX_HASH_VALUE 238 -/* maximum key range = 227, duplicates = 0 */ -======= #define TOTAL_KEYWORDS 130 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 #define MIN_HASH_VALUE 18 #define MAX_HASH_VALUE 249 /* maximum key range = 232, duplicates = 0 */ ->>>>>>> upstream/4.5.1 #ifdef __GNUC__ __inline 
@@ -84,34 +75,6 @@ hash (str, len) { static const unsigned char asso_values[] = { -<<<<<<< HEAD - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 2, - 104, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 15, 239, 20, 14, 58, - 51, 1, 7, 1, 81, 1, 239, 132, 47, 4, - 1, 49, 10, 9, 23, 1, 20, 48, 4, 239, - 239, 35, 1, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, - 239, 239, 239, 239, 239, 239 -======= 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, @@ -138,7 +101,6 @@ hash (str, len) 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250, 250 ->>>>>>> upstream/4.5.1 }; register int hval = len; 
@@ -162,134 +124,6 @@ hash (str, len) static const struct kw_entry wordlist[] = { {"pfs", KW_PFS}, -<<<<<<< HEAD - {"uniqueids", KW_UNIQUEIDS}, - {"rightgroups", KW_RIGHTGROUPS}, - {"lifetime", KW_KEYLIFE}, - {"rightsubnetwithin", KW_RIGHTSUBNETWITHIN}, - {"rightnatip", KW_RIGHTNATIP}, - {"esp", KW_ESP}, - {"rightnexthop", KW_RIGHTNEXTHOP}, - {"rightsourceip", KW_RIGHTSOURCEIP}, - {"right", KW_RIGHT}, - {"leftupdown", KW_LEFTUPDOWN}, - {"leftnexthop", KW_LEFTNEXTHOP}, - {"left", KW_LEFT}, - {"keep_alive", KW_KEEP_ALIVE}, - {"rightsubnet", KW_RIGHTSUBNET}, - {"rightikeport", KW_RIGHTIKEPORT}, - {"rightsendcert", KW_RIGHTSENDCERT}, - {"leftcert", KW_LEFTCERT,}, - {"interfaces", KW_INTERFACES}, - {"lifepackets", KW_LIFEPACKETS}, - {"leftsendcert", KW_LEFTSENDCERT}, - {"leftgroups", KW_LEFTGROUPS}, - {"eap", KW_EAP}, - {"rightprotoport", KW_RIGHTPROTOPORT}, - {"leftnatip", KW_LEFTNATIP}, - {"keyingtries", KW_KEYINGTRIES}, - {"type", KW_TYPE}, - {"keylife", KW_KEYLIFE}, - {"mark_in", KW_MARK_IN}, - {"lifebytes", KW_LIFEBYTES}, - {"leftca", KW_LEFTCA}, - {"margintime", KW_REKEYMARGIN}, - {"marginbytes", KW_MARGINBYTES}, - {"leftrsasigkey", KW_LEFTRSASIGKEY}, - {"marginpackets", KW_MARGINPACKETS}, - {"certuribase", KW_CERTURIBASE}, - {"virtual_private", KW_VIRTUAL_PRIVATE}, - {"rightid", KW_RIGHTID}, - {"rightupdown", KW_RIGHTUPDOWN}, - {"compress", KW_COMPRESS}, - {"leftprotoport", KW_LEFTPROTOPORT}, - {"overridemtu", KW_OVERRIDEMTU}, - {"reqid", KW_REQID}, - {"inactivity", KW_INACTIVITY}, - {"leftfirewall", KW_LEFTFIREWALL}, - {"rightfirewall", KW_RIGHTFIREWALL}, - {"rightallowany", KW_RIGHTALLOWANY}, - {"mobike", KW_MOBIKE}, - {"lefthostaccess", KW_LEFTHOSTACCESS}, - {"leftsubnetwithin", KW_LEFTSUBNETWITHIN}, - {"rightrsasigkey", KW_RIGHTRSASIGKEY}, - {"pfsgroup", KW_PFSGROUP}, - {"me_peerid", KW_ME_PEERID}, - {"crluri", KW_CRLURI}, - {"leftsourceip", KW_LEFTSOURCEIP}, - {"crluri1", KW_CRLURI}, - {"mediation", KW_MEDIATION}, - {"dumpdir", KW_DUMPDIR}, - {"forceencaps", 
KW_FORCEENCAPS}, - {"leftsubnet", KW_LEFTSUBNET}, - {"rightca", KW_RIGHTCA}, - {"rightcert", KW_RIGHTCERT}, - {"ocspuri", KW_OCSPURI}, - {"dpdaction", KW_DPDACTION}, - {"ocspuri1", KW_OCSPURI}, - {"dpdtimeout", KW_DPDTIMEOUT}, - {"installpolicy", KW_INSTALLPOLICY}, - {"righthostaccess", KW_RIGHTHOSTACCESS}, - {"ldapbase", KW_LDAPBASE}, - {"also", KW_ALSO}, - {"leftallowany", KW_LEFTALLOWANY}, - {"force_keepalive", KW_FORCE_KEEPALIVE}, - {"keyexchange", KW_KEYEXCHANGE}, - {"hidetos", KW_HIDETOS}, - {"klipsdebug", KW_KLIPSDEBUG}, - {"plutostderrlog", KW_PLUTOSTDERRLOG}, - {"rightauth", KW_RIGHTAUTH}, - {"strictcrlpolicy", KW_STRICTCRLPOLICY}, - {"charondebug", KW_CHARONDEBUG}, - {"rightid2", KW_RIGHTID2}, - {"leftid", KW_LEFTID}, - {"mediated_by", KW_MEDIATED_BY}, - {"fragicmp", KW_FRAGICMP}, - {"mark_out", KW_MARK_OUT}, - {"auto", KW_AUTO}, - {"leftcert2", KW_LEFTCERT2,}, - {"nat_traversal", KW_NAT_TRAVERSAL}, - {"cacert", KW_CACERT}, - {"plutostart", KW_PLUTOSTART}, - {"eap_identity", KW_EAP_IDENTITY}, - {"prepluto", KW_PREPLUTO}, - {"packetdefault", KW_PACKETDEFAULT}, - {"xauth_identity", KW_XAUTH_IDENTITY}, - {"charonstart", KW_CHARONSTART}, - {"crlcheckinterval", KW_CRLCHECKINTERVAL}, - {"rightauth2", KW_RIGHTAUTH2}, - {"ike", KW_IKE}, - {"aaa_identity", KW_AAA_IDENTITY}, - {"leftca2", KW_LEFTCA2}, - {"authby", KW_AUTHBY}, - {"leftauth", KW_LEFTAUTH}, - {"cachecrls", KW_CACHECRLS}, - {"ldaphost", KW_LDAPHOST}, - {"rekeymargin", KW_REKEYMARGIN}, - {"rekeyfuzz", KW_REKEYFUZZ}, - {"dpddelay", KW_DPDDELAY}, - {"ikelifetime", KW_IKELIFETIME}, - {"auth", KW_AUTH}, - {"xauth", KW_XAUTH}, - {"postpluto", KW_POSTPLUTO}, - {"plutodebug", KW_PLUTODEBUG}, - {"modeconfig", KW_MODECONFIG}, - {"nocrsend", KW_NOCRSEND}, - {"leftauth2", KW_LEFTAUTH2}, - {"leftid2", KW_LEFTID2}, - {"leftikeport", KW_LEFTIKEPORT}, - {"rightca2", KW_RIGHTCA2}, - {"rekey", KW_REKEY}, - {"rightcert2", KW_RIGHTCERT2}, - {"mark", KW_MARK}, - {"crluri2", KW_CRLURI2}, - {"reauth", KW_REAUTH}, - 
{"ocspuri2", KW_OCSPURI2}, - {"pkcs11module", KW_PKCS11MODULE}, - {"pkcs11initargs", KW_PKCS11INITARGS}, - {"pkcs11keepstate", KW_PKCS11KEEPSTATE}, - {"pkcs11proxy", KW_PKCS11PROXY} -======= {"right", KW_RIGHT}, {"rightgroups", KW_RIGHTGROUPS}, {"left", KW_LEFT}, @@ -419,37 +253,11 @@ static const struct kw_entry wordlist[] = {"pkcs11proxy", KW_PKCS11PROXY}, {"modeconfig", KW_MODECONFIG}, {"postpluto", KW_POSTPLUTO} ->>>>>>> upstream/4.5.1 }; static const short lookup[] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -<<<<<<< HEAD - -1, -1, 0, 1, -1, 2, -1, -1, 3, -1, - -1, 4, -1, 5, 6, 7, 8, 9, -1, 10, - 11, -1, 12, 13, 14, 15, 16, 17, -1, 18, - 19, 20, 21, 22, -1, -1, 23, 24, -1, 25, - 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, - 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, - 46, 47, 48, 49, 50, 51, -1, 52, 53, 54, - 55, -1, 56, 57, -1, 58, 59, 60, -1, 61, - 62, 63, 64, -1, -1, 65, -1, 66, -1, 67, - 68, 69, 70, 71, -1, -1, 72, -1, -1, 73, - 74, 75, 76, 77, 78, 79, 80, -1, 81, 82, - 83, 84, 85, 86, 87, -1, 88, -1, 89, 90, - -1, 91, 92, 93, 94, -1, 95, 96, 97, 98, - -1, -1, -1, -1, 99, 100, 101, -1, 102, 103, - 104, 105, 106, 107, 108, 109, -1, 110, -1, -1, - 111, -1, -1, -1, -1, -1, -1, 112, -1, 113, - 114, 115, 116, 117, 118, -1, -1, -1, -1, 119, - -1, -1, 120, -1, -1, -1, -1, -1, -1, 121, - -1, -1, -1, -1, 122, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 123, -1, 124, 125, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 126 -======= -1, -1, -1, -1, -1, -1, -1, -1, 0, 1, -1, -1, -1, 2, 3, -1, 4, -1, 5, 6, 7, 8, 9, -1, 10, 11, 12, 13, 14, -1, @@ -474,7 +282,6 @@ static const short lookup[] = -1, -1, -1, 122, -1, -1, 123, -1, 124, -1, 125, 126, -1, -1, -1, -1, 127, -1, 128, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 129 ->>>>>>> upstream/4.5.1 }; #ifdef __GNUC__ diff --git a/src/starter/keywords.h b/src/starter/keywords.h index 23f6fd24b..9f46a8b4b 100644 --- a/src/starter/keywords.h 
+++ b/src/starter/keywords.h @@ -102,16 +102,10 @@ typedef enum { KW_MARK, KW_MARK_IN, KW_MARK_OUT, -<<<<<<< HEAD - -#define KW_CONN_FIRST KW_CONN_SETUP -#define KW_CONN_LAST KW_MARK_OUT -======= KW_TFC, #define KW_CONN_FIRST KW_CONN_SETUP #define KW_CONN_LAST KW_TFC ->>>>>>> upstream/4.5.1 /* ca section keywords */ KW_CA_NAME, @@ -148,10 +142,7 @@ typedef enum { KW_RSASIGKEY, KW_CERT, KW_CERT2, -<<<<<<< HEAD -======= KW_CERTPOLICY, ->>>>>>> upstream/4.5.1 KW_SENDCERT, KW_CA, KW_CA2, @@ -181,10 +172,7 @@ typedef enum { KW_LEFTRSASIGKEY, KW_LEFTCERT, KW_LEFTCERT2, -<<<<<<< HEAD -======= KW_LEFTCERTPOLICY, ->>>>>>> upstream/4.5.1 KW_LEFTSENDCERT, KW_LEFTCA, KW_LEFTCA2, @@ -213,10 +201,7 @@ typedef enum { KW_RIGHTRSASIGKEY, KW_RIGHTCERT, KW_RIGHTCERT2, -<<<<<<< HEAD -======= KW_RIGHTCERTPOLICY, ->>>>>>> upstream/4.5.1 KW_RIGHTSENDCERT, KW_RIGHTCA, KW_RIGHTCA2, diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt index 608981472..2c0e5de3d 100644 --- a/src/starter/keywords.txt +++ b/src/starter/keywords.txt @@ -93,10 +93,7 @@ reqid, KW_REQID mark, KW_MARK mark_in, KW_MARK_IN mark_out, KW_MARK_OUT -<<<<<<< HEAD -======= tfc, KW_TFC ->>>>>>> upstream/4.5.1 cacert, KW_CACERT ldaphost, KW_LDAPHOST ldapbase, KW_LDAPBASE @@ -124,14 +121,9 @@ leftid2, KW_LEFTID2 leftauth, KW_LEFTAUTH leftauth2, KW_LEFTAUTH2 leftrsasigkey, KW_LEFTRSASIGKEY -<<<<<<< HEAD -leftcert, KW_LEFTCERT, -leftcert2, KW_LEFTCERT2, -======= leftcert, KW_LEFTCERT leftcert2, KW_LEFTCERT2 leftcertpolicy, KW_LEFTCERTPOLICY ->>>>>>> upstream/4.5.1 leftsendcert, KW_LEFTSENDCERT leftca, KW_LEFTCA leftca2, KW_LEFTCA2 @@ -155,10 +147,7 @@ rightauth2, KW_RIGHTAUTH2 rightrsasigkey, KW_RIGHTRSASIGKEY rightcert, KW_RIGHTCERT rightcert2, KW_RIGHTCERT2 -<<<<<<< HEAD -======= rightcertpolicy, KW_RIGHTCERTPOLICY ->>>>>>> upstream/4.5.1 rightsendcert, KW_RIGHTSENDCERT rightca, KW_RIGHTCA rightca2, KW_RIGHTCA2 diff --git a/src/starter/starter.c b/src/starter/starter.c index c3ba54f1d..fcef2f7ff 100644 
--- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -714,7 +714,7 @@ int main (int argc, char **argv) if (conn->startup == STARTUP_START) { - if (conn->keyexchange == KEY_EXCHANGE_IKEV2) + if (conn->keyexchange != KEY_EXCHANGE_IKEV1) { if (starter_charon_pid()) { @@ -731,7 +731,7 @@ int main (int argc, char **argv) } else if (conn->startup == STARTUP_ROUTE) { - if (conn->keyexchange == KEY_EXCHANGE_IKEV2) + if (conn->keyexchange != KEY_EXCHANGE_IKEV1) { if (starter_charon_pid()) { diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c index 45d407384..7272b2530 100644 --- a/src/starter/starterstroke.c +++ b/src/starter/starterstroke.c @@ -118,7 +118,7 @@ static char* connection_name(starter_conn_t *conn) if (streq(conn->name, "%auto")) { - sprintf(buf, "conn_%ld", conn->id); + sprintf(buf, "conn_%lu", conn->id); return buf; } return conn->name; @@ -171,10 +171,7 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta msg_end->id2 = push_string(msg, conn_end->id2); msg_end->cert = push_string(msg, conn_end->cert); msg_end->cert2 = push_string(msg, conn_end->cert2); -<<<<<<< HEAD -======= msg_end->cert_policy = push_string(msg, conn_end->cert_policy); ->>>>>>> upstream/4.5.1 msg_end->ca = push_string(msg, conn_end->ca); msg_end->ca2 = push_string(msg, conn_end->ca2); msg_end->groups = push_string(msg, conn_end->groups); @@ -270,10 +267,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn) msg.add_conn.mark_in.mask = conn->mark_in.mask; msg.add_conn.mark_out.value = conn->mark_out.value; msg.add_conn.mark_out.mask = conn->mark_out.mask; -<<<<<<< HEAD -======= msg.add_conn.tfc = conn->tfc; ->>>>>>> upstream/4.5.1 starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left); starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right); diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in index 978841438..4e8318e0f 100644 --- a/src/stroke/Makefile.in +++ b/src/stroke/Makefile.in 
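Review bot: Both changed conditions in main (`@@ -714,7 +714,7 @@` and `@@ -731,7 +731,7 @@`) now send every `keyexchange` value other than `KEY_EXCHANGE_IKEV1` down the charon branch, a wider set than the single value tested before. No comment says which values are expected there. A line such as `/* anything that is not explicitly IKEv1 is handled by charon */` above each test would record that this is intended, including for any enum value added later. main continues outside both hunks.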
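Review bot: The changed `sprintf(buf, "conn_%lu", conn->id);` in connection_name corrects the conversion but still writes without a bound. `buf` is declared outside this hunk, so whether a full-width unsigned long always fits cannot be checked here. If `buf` is an array, `snprintf(buf, sizeof(buf), "conn_%lu", conn->id);` makes the limit explicit at no cost. The `%lu` also assumes `conn->id` is an unsigned long, which the hunk does not show.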
@@ -197,13 +197,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -224,6 +218,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -242,14 +238,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c index 4d1b8e7db..2c5a03d77 100644 --- a/src/stroke/stroke.c +++ b/src/stroke/stroke.c @@ -197,8 +197,6 @@ static int terminate_connection_srcip(char *start, char *end) return send_stroke_msg(&msg); } -<<<<<<< HEAD -======= static int rekey_connection(char *name) { stroke_msg_t msg; @@ -209,7 +207,6 @@ static int rekey_connection(char *name) return send_stroke_msg(&msg); } ->>>>>>> upstream/4.5.1 static int route_connection(char *name) { stroke_msg_t msg; @@ -288,12 +285,9 @@ static int reread(stroke_keyword_t kw) static int purge_flags[] = { PURGE_OCSP, - PURGE_IKE, -<<<<<<< HEAD -======= PURGE_CRLS, PURGE_CERTS, ->>>>>>> upstream/4.5.1 + PURGE_IKE, }; static int purge(stroke_keyword_t kw) 
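Review bot: The reordered `purge_flags[]` table in the `@@ -288,12 +285,9 @@` hunk has no comment saying what its order must match. The STROKE_PURGE_* cases in main pass `token->kw` to `purge()`, whose body is outside this hunk, so the table is presumably indexed by keyword offset and has to follow the order of the STROKE_PURGE_* entries in stroke_keyword_t. Say so above the table, e.g. `/* order must match STROKE_PURGE_OCSP..STROKE_PURGE_IKE in stroke_keywords.h */`, since a mismatch would silently purge a different cache than the one requested.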
@@ -391,13 +385,10 @@ static void exit_usage(char *error) printf(" stroke rereadsecrets|rereadcrls|rereadall\n"); printf(" Purge ocsp cache entries:\n"); printf(" stroke purgeocsp\n"); -<<<<<<< HEAD -======= printf(" Purge CRL cache entries:\n"); printf(" stroke purgecrls\n"); printf(" Purge X509 cache entries:\n"); printf(" stroke purgecerts\n"); ->>>>>>> upstream/4.5.1 printf(" Purge IKE_SAs without a CHILD_SA:\n"); printf(" stroke purgeike\n"); printf(" Export credentials to the console:\n"); @@ -468,8 +459,6 @@ int main(int argc, char *argv[]) } res = terminate_connection_srcip(argv[2], argc > 3 ? argv[3] : NULL); break; -<<<<<<< HEAD -======= case STROKE_REKEY: if (argc < 3) { @@ -477,7 +466,6 @@ int main(int argc, char *argv[]) } res = rekey_connection(argv[2]); break; ->>>>>>> upstream/4.5.1 case STROKE_ROUTE: if (argc < 3) { @@ -526,11 +514,8 @@ int main(int argc, char *argv[]) res = reread(token->kw); break; case STROKE_PURGE_OCSP: -<<<<<<< HEAD -======= case STROKE_PURGE_CRLS: case STROKE_PURGE_CERTS: ->>>>>>> upstream/4.5.1 case STROKE_PURGE_IKE: res = purge(token->kw); break; diff --git a/src/stroke/stroke_keywords.c b/src/stroke/stroke_keywords.c index 3b2426a42..b43f4b475 100644 --- a/src/stroke/stroke_keywords.c +++ b/src/stroke/stroke_keywords.c @@ -54,21 +54,12 @@ struct stroke_token { stroke_keyword_t kw; }; -<<<<<<< HEAD -#define TOTAL_KEYWORDS 34 -#define MIN_WORD_LENGTH 2 -#define MAX_WORD_LENGTH 15 -#define MIN_HASH_VALUE 3 -#define MAX_HASH_VALUE 39 -/* maximum key range = 37, duplicates = 0 */ -======= #define TOTAL_KEYWORDS 37 #define MIN_WORD_LENGTH 2 #define MAX_WORD_LENGTH 15 #define MIN_HASH_VALUE 2 #define MAX_HASH_VALUE 42 /* maximum key range = 41, duplicates = 0 */ ->>>>>>> upstream/4.5.1 #ifdef __GNUC__ __inline 
@@ -84,34 +75,6 @@ hash (str, len) { static const unsigned char asso_values[] = { -<<<<<<< HEAD - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 18, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 0, 4, 1, - 1, 0, 40, 17, 40, 20, 40, 3, 0, 40, - 40, 12, 19, 40, 6, 3, 20, 12, 40, 40, - 10, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 40, 40, 40 -======= 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, @@ -138,7 +101,6 @@ hash (str, len) 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43, 43 ->>>>>>> upstream/4.5.1 }; register int hval = len; 
@@ -163,20 +125,6 @@ hash (str, len) static const struct stroke_token wordlist[] = { -<<<<<<< HEAD - {"add", STROKE_ADD}, - {"del", STROKE_DEL}, - {"down", STROKE_DOWN}, - {"leases", STROKE_LEASES}, - {"listall", STROKE_LIST_ALL}, - {"loglevel", STROKE_LOGLEVEL}, - {"listcrls", STROKE_LIST_CRLS}, - {"listacerts", STROKE_LIST_ACERTS}, - {"route", STROKE_ROUTE}, - {"listaacerts", STROKE_LIST_AACERTS}, - {"listcacerts", STROKE_LIST_CACERTS}, - {"up", STROKE_UP}, -======= {"up", STROKE_UP}, {"add", STROKE_ADD}, {"del", STROKE_DEL}, @@ -188,31 +136,12 @@ static const struct stroke_token wordlist[] = {"listaacerts", STROKE_LIST_AACERTS}, {"listcacerts", STROKE_LIST_CACERTS}, {"statusall", STROKE_STATUSALL}, ->>>>>>> upstream/4.5.1 {"rereadall", STROKE_REREAD_ALL}, {"listcerts", STROKE_LIST_CERTS}, {"rereadcrls", STROKE_REREAD_CRLS}, {"rereadacerts", STROKE_REREAD_ACERTS}, {"rereadaacerts", STROKE_REREAD_AACERTS}, {"rereadcacerts", STROKE_REREAD_CACERTS}, -<<<<<<< HEAD - {"status", STROKE_STATUS}, - {"rereadsecrets", STROKE_REREAD_SECRETS}, - {"listocsp", STROKE_LIST_OCSP}, - {"statusall", STROKE_STATUSALL}, - {"listalgs", STROKE_LIST_ALGS}, - {"exportx509", STROKE_EXPORT_X509}, - {"delete", STROKE_DELETE}, - {"listocspcerts", STROKE_LIST_OCSPCERTS}, - {"purgeocsp", STROKE_PURGE_OCSP}, - {"purgeike", STROKE_PURGE_IKE}, - {"unroute", STROKE_UNROUTE}, - {"listcainfos", STROKE_LIST_CAINFOS}, - {"rereadocspcerts", STROKE_REREAD_OCSPCERTS}, - {"listpubkeys", STROKE_LIST_PUBKEYS}, - {"down-srcip", STROKE_DOWN_SRCIP}, - {"listgroups", STROKE_LIST_GROUPS} -======= {"leases", STROKE_LEASES}, {"unroute", STROKE_UNROUTE}, {"listocsp", STROKE_LIST_OCSP}, 
@@ -233,21 +162,14 @@ static const struct stroke_token wordlist[] = {"loglevel", STROKE_LOGLEVEL}, {"listgroups", STROKE_LIST_GROUPS}, {"purgecerts", STROKE_PURGE_CERTS} ->>>>>>> upstream/4.5.1 }; static const short lookup[] = { -<<<<<<< HEAD - -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, - 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, 33 -======= -1, -1, 0, 1, 2, 3, -1, 4, 5, 6, -1, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, -1, -1, 35, 36 ->>>>>>> upstream/4.5.1 }; #ifdef __GNUC__ diff --git a/src/stroke/stroke_keywords.h b/src/stroke/stroke_keywords.h index 76f6c1be3..ff2ba36ef 100644 --- a/src/stroke/stroke_keywords.h +++ b/src/stroke/stroke_keywords.h @@ -25,10 +25,7 @@ typedef enum { STROKE_UP, STROKE_DOWN, STROKE_DOWN_SRCIP, -<<<<<<< HEAD -======= STROKE_REKEY, ->>>>>>> upstream/4.5.1 STROKE_LOGLEVEL, STROKE_STATUS, STROKE_STATUSALL, @@ -52,11 +49,8 @@ typedef enum { STROKE_REREAD_CRLS, STROKE_REREAD_ALL, STROKE_PURGE_OCSP, -<<<<<<< HEAD -======= STROKE_PURGE_CRLS, STROKE_PURGE_CERTS, ->>>>>>> upstream/4.5.1 STROKE_PURGE_IKE, STROKE_EXPORT_X509, STROKE_LEASES, diff --git a/src/stroke/stroke_keywords.txt b/src/stroke/stroke_keywords.txt index fcc2ba558..dafd1ab08 100644 --- a/src/stroke/stroke_keywords.txt +++ b/src/stroke/stroke_keywords.txt @@ -32,10 +32,7 @@ unroute, STROKE_UNROUTE up, STROKE_UP down, STROKE_DOWN down-srcip, STROKE_DOWN_SRCIP -<<<<<<< HEAD -======= rekey, STROKE_REKEY ->>>>>>> upstream/4.5.1 loglevel, STROKE_LOGLEVEL status, STROKE_STATUS statusall, STROKE_STATUSALL @@ -59,11 +56,8 @@ rereadacerts, STROKE_REREAD_ACERTS rereadcrls, STROKE_REREAD_CRLS rereadall, STROKE_REREAD_ALL purgeocsp, STROKE_PURGE_OCSP -<<<<<<< HEAD -======= purgecrls, STROKE_PURGE_CRLS purgecerts, STROKE_PURGE_CERTS ->>>>>>> upstream/4.5.1 purgeike, STROKE_PURGE_IKE exportx509, STROKE_EXPORT_X509 leases, STROKE_LEASES 
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h index b5fdacc00..9800d4319 100644 --- a/src/stroke/stroke_msg.h +++ b/src/stroke/stroke_msg.h @@ -105,15 +105,12 @@ enum purge_flag_t { PURGE_NONE = 0x0000, /** purge ocsp cache entries */ PURGE_OCSP = 0x0001, - /** purge IKE_SAs without a CHILD_SA */ - PURGE_IKE = 0x0002, -<<<<<<< HEAD -======= /** purge CRL cache entries */ - PURGE_CRLS = 0x0004, + PURGE_CRLS = 0x0002, /** purge X509 cache entries */ - PURGE_CERTS = 0x0008, ->>>>>>> upstream/4.5.1 + PURGE_CERTS = 0x0004, + /** purge IKE_SAs without a CHILD_SA */ + PURGE_IKE = 0x0008, }; typedef enum export_flag_t export_flag_t; @@ -152,10 +149,7 @@ struct stroke_end_t { char *ca; char *ca2; char *groups; -<<<<<<< HEAD -======= char *cert_policy; ->>>>>>> upstream/4.5.1 char *updown; char *address; u_int16_t ikeport; @@ -194,11 +188,8 @@ struct stroke_msg_t { STR_TERMINATE, /* terminate connection by peers srcip/virtual ip */ STR_TERMINATE_SRCIP, -<<<<<<< HEAD -======= /* rekey a connection */ STR_REKEY, ->>>>>>> upstream/4.5.1 /* show connection status */ STR_STATUS, /* show verbose connection status */ @@ -231,11 +222,7 @@ struct stroke_msg_t { /* data for STR_INITIATE, STR_ROUTE, STR_UP, STR_DOWN, ... */ struct { char *name; -<<<<<<< HEAD - } initiate, route, unroute, terminate, status, del_conn, del_ca; -======= } initiate, route, unroute, terminate, rekey, status, del_conn, del_ca; ->>>>>>> upstream/4.5.1 /* data for STR_TERMINATE_SRCIP */ struct { @@ -261,10 +248,7 @@ struct stroke_msg_t { int proxy_mode; int install_policy; u_int32_t reqid; -<<<<<<< HEAD -======= u_int32_t tfc; ->>>>>>> upstream/4.5.1 crl_policy_t crl_policy; int unique; diff --git a/src/whack/Makefile.in b/src/whack/Makefile.in index 7bab6b6e8..f62c2bfc0 100644 --- a/src/whack/Makefile.in +++ b/src/whack/Makefile.in 
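Review bot: The `purge_flag_t` hunk renumbers flags that already existed instead of appending the new ones: `PURGE_IKE` moves from `0x0002` to `0x0008`, and `0x0002` now means `PURGE_CRLS`. If these values travel inside `stroke_msg_t` between the stroke client and the daemon, as the header's naming suggests, a client and daemon built from different revisions would silently run a different purge than the one requested; the `STR_REKEY` hunk, which inserts a value in the middle of the message-type enum, and the `cert_policy` and `tfc` fields added mid-struct shift the layout in the same way. Either keep the previous numbering (`PURGE_IKE = 0x0002`, `PURGE_CRLS = 0x0004`, `PURGE_CERTS = 0x0008`) or, if matching upstream is the goal, add a comment above the enum such as `/* values are part of the stroke message format; client and daemon must be built from the same header */`. The enums and structs touched here begin and end outside the hunks, so whether the receiver checks a version or message length is not visible.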
@@ -196,13 +196,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -223,6 +217,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -241,14 +237,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/whack/whack.c b/src/whack/whack.c index c5fe3b458..ac2d3ea40 100644 --- a/src/whack/whack.c +++ b/src/whack/whack.c @@ -1155,6 +1155,7 @@ int main(int argc, char **argv) case OPT_STATUSALL: /* --statusall */ msg.whack_statusall = TRUE; + /* fall through */ case OPT_STATUS: /* --status */ msg.whack_status = TRUE; |